A newly observed spam email campaign appears to be preying on last year’s US Office of Personnel Management (OPM) breach incident to distribute the Locky ransomware, PhishMe researchers warn.
Ever since Locky first emerged in February this year, the actors behind it have been actively switching between different distribution methods to avoid detection. Not only did they use various attachment types in spam emails, such as macro-enabled Office documents, JavaScript, DLLs, and Windows Script Files (WSF), but they also changed the extension appended to encrypted files from .locky to .zepto and then .odin.
