JavaScript attachments spread Locky ransomware in a massive e-mail campaign!

Security researchers have recently detected a massive distribution of malicious spam emails with JavaScript files attached.

This massive e-mail campaign has been linked to the cybercriminals behind the Dridex botnet. They have been spotted switching their malware distribution method from the usual Office files to infected JavaScript (.js) attachments. The malware loaded through these malicious .js attachments is the infamous Locky ransomware. It appears that the Dridex actors and this notorious ransomware are somehow connected.

Locky infections through .js file attachments are reported mostly in Europe, but users in Canada and the U.S. have also fallen victim to this large-scale attack.


Numerous security experts have issued warnings about a boom in spam emails that carry JavaScript files instead of documents. Hundreds of millions of messages are being sent daily to unsuspecting users as part of this massive malware campaign. Botnets are used to distribute the huge volume of spam emails with infected .js files. According to experts, this attack is the largest malware emailing campaign observed in recent years.

The scale of the attack shows that cybercriminals now rely on new and unfamiliar methods to spread infections rather than the well-known Office files with macros. Over time, users became aware of the threats hidden in .doc or .exe files. Therefore, hackers are now switching tactics, relying on users being uninformed. They believe that victims will be more likely to click on JavaScript files than they would on Office files.

The trick here is that the icon looks very much like a document, which may confuse users. Some may not even know what type of file .js is or that it can hide danger inside. In fact, such infected files are ideal for distributing not only Locky but also a wide variety of other ransomware, such as the well-known CryptXXX and CryptoWall, or even some new malware.

Another warning sign that justifies the security experts’ concerns is the massive increase in the spread of the JS/Danger.Script attachment that researchers have recently detected. This malicious script is a dropper, created with the sole purpose of downloading other malware onto the infected PC. It usually introduces crypto-ransomware infections such as Locky and many more to the system.
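A mail gateway or triage script can flag the .js attachments described above before they reach a user. The following is an added example, not code from the original article: the function names, the extra script extensions beyond .js, the MIME type list and the sample message are all assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The article names only .js; the other Windows Script Host extensions are an
# assumption added for this example.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".vbs"}
SCRIPT_MIME_TYPES = {"application/javascript", "text/javascript",
                     "application/x-javascript"}


def script_attachments(raw_message: bytes):
    """Return (filename, reason) for every MIME part that looks like a script."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() decodes RFC 2231/2047 names. Windows drops trailing
        # dots and spaces on save, so "invoice.js." still lands as a .js file.
        name = (part.get_filename() or "").strip().rstrip(". ")
        lowered = name.lower()
        ext = lowered[lowered.rfind("."):] if "." in lowered else ""
        if ext in SCRIPT_EXTENSIONS:
            findings.append((name, "script extension " + ext))
        elif part.get_content_type() in SCRIPT_MIME_TYPES:
            findings.append((name or "(unnamed)", "script MIME type"))
    return findings


def build_sample() -> bytes:
    """Constructed test message; the attachment bodies are inert placeholders."""
    m = EmailMessage()
    m["From"] = "billing@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(b"// placeholder\n", maintype="application",
                     subtype="octet-stream", filename="Invoice_2016.JS")
    m.add_attachment(b"// placeholder\n", maintype="application",
                     subtype="javascript", filename="report.txt")
    m.add_attachment(b"meeting notes\n", maintype="text", subtype="plain",
                     filename="notes.txt")
    return m.as_bytes()


if __name__ == "__main__":
    for filename, reason in script_attachments(build_sample()):
        print(f"quarantine {filename}: {reason}")
```

The check compares the extension case-insensitively and also inspects the declared MIME type, so a script sent under a harmless-looking name is still reported.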

It is important for users not to be misled by the sophisticated social engineering tactics used by the hackers. Their only goal is to make unsuspecting users execute the malicious attachment. Being aware of the threats circulating on the web helps users stay alert and avoid infections. Once again, we will point out that ransomware is a trendy threat, one of the most dangerous malware infections spreading worldwide at the moment. Therefore, being cautious is essential to our security.