Nuspire’s Security Analytics Team Identifies Increase in Locky Ransomware Spam Emails

Locky Ransomware Increase Spam Email

Example of Locky Ransomware Spam Email

With the implementation of Nuspire’s nuEMAIL system, spam email campaigns are able to be identified when there is an increase in attack attempts.

On Sept. 1, 2016, Nuspire’s Security Analytics Team (SAT) noticed a large amount of quarantined emails with the subject lines:

Please find attached invoice no:(random string of numbers)


Voice Message from Outside Caller (2m 45s)

“Upon analysis in the test lab we were able to identify that these are indeed a strain of Locky that is being delivered via the Nemucod trojan,” said Shawn Pope of Nuspire’s SAT.

Pope said these emails contain a .zip file that when executed install the Nemucod trojan, and that this trojan is used as a dropper for the Locky ransomware. Once the ransomware is installed, the encryption process begins, ultimately leading to a demand of ransom payment in Bitcoin.

Nuspire’s SAT is performing a more in-depth analysis on this strain, but wanted to warn of this noticeable influx in spam attempts. As always, they recommend against opening any suspicious links, and to ask questions when in doubt.

For more information on how to avoid this and other types of ransomware, click here.

Nuspire Insights

Nuspire Infographic

Contact Us


Nuspire Infographic

Contact Us