In the latest scam to spread the Locky ransomware, cyber crooks are looking to exploit financial fear with phishing emails that claim the recipient's credit card has been suspended.
Researcher Graham Cluley spotted a recent spate of spam attacks using this and similar techniques, including false parcel delivery notifications, to trick users into clicking on the malicious Zip file attachment, according to a November 9 blog post.
If opened, the file downloads a copy of Locky from a remote server, using one of five URLs, saves it in a temporary folder, and executes it without any requirement for further user interaction.
The malicious files were detected as Trojan.JS.Downloader.GXW, Trojan.Js.Downloader.Na and Trojan.Ransom.Locky.BF. However, Cluley said the criminals frequently change the names and contact details used in the emails, meaning that you cannot always rely on them looking the same.