{"id":315,"date":"2019-04-06T19:33:18","date_gmt":"2019-04-06T19:33:18","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=315"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"'Received-Documents-From-Your-Bank'-Emails-Contain-Locky-Ransomware","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=315","title":{"rendered":"&#8216;Received Documents From Your Bank&#8217; Emails Contain Locky Ransomware"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\n&#8216;Payment&#8217; emails claim that the sender has received documents from your bank and urge you to open an attached file to review these documents. The emails claim to be from a Financial CEO, Accounts Manager, Financial Manager, or similar management staff titles.<\/p>\n<p><span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe emails are not from any legitimate financial manager. Nor does the attachment contain banking documents.  
Instead, the attached .zip file contains a malicious JavaScript file that, if opened, can download and install Locky ransomware.<\/p>\n<div class=\"example\">\n<p><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><\/p>\n<p><strong>Subject: FW: Payment 16-03-#647764<\/strong><\/p>\n<p>Dear [First name derived from email address],<\/p>\n<p>We have received this documents from your bank, please review attached documents.<\/p>\n<p>Yours sincerely,<\/p>\n<p>Wendell Cortez<br \/>\nFinancial CEO<\/p>\n<hr \/>\n<p>This email has been scanned by the Symantec Email Security.cloud service.<\/p>\n<\/div>\n<p><span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nAccording to <a title=\"Malware spam: \" href=\"http:\/\/blog.dynamoo.com\/2016\/03\/malware-spam-fw-payment-16-03-507586-we.html\">malware emails<\/a> that are currently hitting inboxes, the senders have received documents from your bank and you should review these documents by opening an attached .zip file. The emails, which have a subject line consisting of the word &#8216;Payment&#8217; along with a date and a random number, also include the name of the supposed staff member who sent them.<\/p>\n<p>These staff names vary in different versions of the emails, as do the job description of the sender and the attachment name. The supposed sender might be described as a &#8216;Financial CEO&#8217;, an &#8216;Accounts Manager&#8217;, a &#8216;Financial Manager&#8217; or a similar title. 
To further the illusion of legitimacy, the criminals have included a footer line claiming &#8211; falsely &#8211; that the emails have been scanned by the &#8216;Symantec Email Security.cloud service&#8217;.<\/p>\n<p>Opening the attached .zip file reveals a malicious JavaScript (.js) file. Clicking this .js file will activate the JavaScript and cause it to download and install <a title=\"Locky ransomware \u2013 what you need to know\" href=\"https:\/\/nakedsecurity.sophos.com\/2016\/02\/17\/locky-ransomware-what-you-need-to-know\/\">Locky ransomware<\/a>.<\/p>\n<p>Like other types of ransomware, Locky will lock all of the files on your computer and then demand a fee to receive a decryption key. Unfortunately, there is no easy or straightforward way of dealing with the malware and recovering your files unless you have good backups saved away from the infected computer. Even if you decide that the only option is to pay up, there is no guarantee that you will receive the unlocking key since you are dealing with criminals.<\/p>\n<p>If you receive one of these emails, do not open any attachments that it may have and do not click any links that it contains.<\/p>\n<p><a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/03\/locky-ransomware-1-1.jpg\" data-rel=\"penci-gallery-image-content\"  rel=\"attachment wp-att-1216\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1216\" 
data-permalink=\"https:\/\/www.hoax-slayer.net\/received-documents-from-your-bank-emails-contain-locky-ransomware\/locky-ransomware-1-2\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/locky-ransomware-1-1.jpg\" data-orig-size=\"800,519\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"locky-ransomware-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/locky-ransomware-1-1-300x195.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/locky-ransomware-1-1.jpg\" class=\"aligncenter size-full wp-image-1216\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/03\/locky-ransomware-1-1.jpg\" alt=\"Locky Ransomware\" width=\"800\" height=\"519\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/locky-ransomware-1-1.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/locky-ransomware-1-1-300x195.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/locky-ransomware-1-1-768x498.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p class=\"date\">Last updated: March 14, 2016<br \/>\nFirst published: March 14, 2016<br \/>\nBy Brett M. 
Christensen<br \/>\n<a class=\"foot\" href=\"http:\/\/www.hoax-slayer.com\/about.shtml\">About Hoax-Slayer<\/a><\/p>\n<p class=\"ref\">References<br \/>\n<a title=\"Malware Threat Articles\" href=\"http:\/\/www.hoax-slayer.com\/malware-threat-articles.shtml\">Malware Threat Articles<\/a><br \/>\n<a title=\"Malware spam: \" href=\"http:\/\/blog.dynamoo.com\/2016\/03\/malware-spam-fw-payment-16-03-507586-we.html\">Malware spam: &#8220;FW: Payment 16-03-#507586&#8221; \/ &#8220;We have received this documents from your bank, please review attached documents.&#8221;<\/a><br \/>\n<a title=\"Locky ransomware \u2013 what you need to know\" href=\"https:\/\/nakedsecurity.sophos.com\/2016\/02\/17\/locky-ransomware-what-you-need-to-know\/\">&#8216;Locky&#8217; ransomware \u2013 what you need to know<\/a><\/p>\n<p>Original Source: <a href=\"https:\/\/www.hoax-slayer.net\/received-documents-from-your-bank-emails-contain-locky-ransomware\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/received-documents-from-your-bank-emails-contain-locky-ransomware\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: &#8216;Payment&#8217; emails claim that the sender has received documents from your bank and urge you to open an attached file to review these documents. The emails claim to be from a Financial CEO, Accounts Manager, Financial Manager, or similar management staff titles. Brief Analysis: The emails are not from any legitimate financial manager. 
Nor [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-315","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/315"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=315"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/315\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}