What is Locky DropBox Ransomware?
The attack campaign involves crypto-locking Locky dropbox ransomware via DropBox emails.
Some spam contains links to infected sites, while other messages carry malicious attachments.
Not all of the Locky spam emails arrive with malicious attachments; some are designed as phishing attacks that redirect users to real-looking but malicious sites, in this case sites spoofing Dropbox.
An e-crime specialist at CSIS Security Group in Denmark, says some emails related to this ransomware campaign are skinned to look like they’ve come from Dropbox. Some will attempt to trick recipients into clicking on a “verify your email” link.
The dropbox.html file that loads is designed to look like the legitimate Dropbox site. Clicking on a link can result in a zipped attack file being downloaded. Read more on the DropBox forum.
INC Tech’s MailSafe email filter successfully protected clients from this campaign
MailSafe: The MailSafe Email Security Solution & Email Filter.
INC Tech’s MailSafe defends against emerging threats, assures continuous email stream flow, protects against data loss and helps fulfill regulatory compliance, while assuring the fast, accurate delivery of business-critical email.