Locky hides under “Your Amazon.com order has been dispatched” message
Amazon customers have been targeted with widespread ransomware attacks. This was detected by security researchers at Comodo. They are warning that Amazon users are being sent emails with attached infected Microsoft Word documents. The infection happens through the macro that immediately triggers the download of a malicious script.
The detected attacks are still being analyzed, though early reports show it to be the infamous Locky ransomware or its version in the form of a trojan-ransomware. The ransomware encrypts the victim’s files and displays a ransom note, demanding money for the decryption key. The number of infections is still not known at the moment. What seems is that this is a massive and aggressive campaign.
Those, who open the file and enable the macros end up with Locky
Researchers at Comodo say that this attack against the users of Amazon is one of the largest spam ransomware campaigns detected this year. The phishing emails come from [email protected], pretending to be an Amazon notification. The attackers did a good job by masking the messages – everything in the email header appears legitimate. The subject is: “Your Amazon.com order has been dispatched” (followed by a code number). There is no text body in the email, however, the attached malicious Word file does its trick once the user allows the macros usage. Those, who open the Word file and enable the macros end up with Locky ransomware and encrypted files.
According to Comodo experts, the attack occurred on May 17 and lasted about 12 hours. It is roughly calculated that there are about 30 million spam messages released, pretending to be an update from Amazon on a shipping order.
This recent case comes as a warning that everyone using the Internet should be aware of the variety of threats and their sophisticated ways of distribution. Learning how to prevent and deal with malware is essential for a safe online experience. With some simple tips like ensuring all devices are updated, the anti-malware software being regularly patched and safety backups made, many users may save their money and nerves.