SAT NEWS: Active Email Spam Campaign

skull and crossbones 1518822

Over the past 24 hours, Nuspire Networks’s SAT team has been monitoring a spam campaign via our nuMail service. This campaign has been found attempting to deliver the GlobeImposter/726 ransomware to Nuspire customers with multiple, differing subject lines such as "Voice Message Attached from," "Voicemail From,” and "Invoice NIC837385." These emails contain a .ZIP attachment that contains a malicious .VBS script file.

Once the .VBS script file is unzipped and executed, the malware contacts one of the malicious domains preloaded into the script in order to download the ransomware payload. Once the ransomware is dropped onto the machine, it begins the encryption process and ultimately presents the user with a ransom screen that demands a 0.37 ($997.15) Bitcoin payment. As always, paying the ransom is never recommended and the best method for restoring files is a functioning backup solution.

Below are some Indicators of Compromise (IOC's) we were able to obtain.

MD5 Hashes:




Malicious Domains:




Bitcoin Payment Address:


More information will be added as further developments arise.

Click here to learn more about nuMail, Nuspire’s Managed Enterprise Email service. 

Nuspire Insights

Nuspire Infographic

Contact Us


Nuspire Infographic

Contact Us