Crypto-Ransomware Targets 20 Million Inboxes

Security researchers are warning of another major crypto-ransomware campaign which has so far been observed attacking 20 million user inboxes.

The threat, discovered in the second half of this week, arrives, as many similar ransomware attacks do, in the form of an unsolicited email.

The email itself is spoofed to appear to come from a legitimate source, and the attachment name and number are included in the subject line and body of the message, for example: “Emailing: Payment_201708-6165”.

“This attachment is a JavaScript file in a 7zip archive that the Barracuda ATP Dynamic Analysis Layer identifies as a ‘file-encryption/ransomware’ type virus,” explained Barracuda Networks lead platform architect, Eugene Weiss.

He added that the best course of action is to have in place dedicated email security which will block the attack before it even arrives in the network.

The alert is just the latest in a long line of large-scale ransomware threats which have dominated 2017 so far.

In fact, Symantec reckons this year is set to top 2016 in terms of volume of infections.

It claimed to have observed 319,000 infections already during the first half of 2017, compared with 470,000 blocked during the whole of last year.

Also this week the latest variant of Locky resurfaced in 23 million emails sent out within a 24-hour period, according to AppRiver.

The email subject lines were kept deliberately vague, featuring words and phrases like “please print”, “documents”, and “photo”.

They feature a ZIP attachment containing a Visual Basic Script (VBS) file that, if clicked, will begin a Locky download.

Victims are required to pay an eye-watering $2150 (BTC 0.5) to ‘regain’ access to their files.
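Both campaigns described above deliver a script file inside an archive attachment (JavaScript in a 7zip archive, VBS in a ZIP), which is something a mail gateway can check before delivery. The following is an added example, not code from Barracuda, AppRiver or the original article: a minimal attachment policy check, where the extension list, function names and quarantine wording are assumptions and the sample messages are constructed with harmless contents.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .js and .vbs are the types named in the article; the rest are an assumed policy list.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"  # 7-Zip file signature


def scan_message(raw: bytes) -> list[str]:
    """Return reasons to quarantine a raw message; an empty list means pass."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(SCRIPT_EXTS):
            findings.append(f"{name}: script attached directly")
        elif data.startswith(SEVENZIP_MAGIC):
            # The standard library cannot list 7z members, so hold it for sandboxing.
            findings.append(f"{name}: 7z archive, contents not inspectable here")
        elif zipfile.is_zipfile(io.BytesIO(data)):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        if info.filename.lower().endswith(SCRIPT_EXTS):
                            findings.append(f"{name}: contains script {info.filename}")
            except zipfile.BadZipFile:
                findings.append(f"{name}: malformed ZIP")
    return findings


def build_sample(subject: str, att_name: str, att_bytes: bytes) -> bytes:
    """Build a constructed test message with one attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("see attachment")
    msg.add_attachment(att_bytes, maintype="application",
                       subtype="octet-stream", filename=att_name)
    return msg.as_bytes()


def make_zip(member: str, content: bytes) -> bytes:
    """Build an in-memory ZIP holding one member (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    return buf.getvalue()
```

The check keys on attachment contents rather than subject lines, since the subjects reported here are deliberately vague.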

Also this week, it emerged that NHS Lanarkshire was forced to cancel operations over the bank holiday weekend in the UK after it was hit by Bitpaymer ransomware.

The same Trust was badly affected by WannaCry earlier in the year, highlighting the continued challenges facing NHS IT leaders in keeping systems resilient.
