Spam Alert: Fake Fax Emails Include New CryptoLocker Ransomware

This morning we began seeing malicious spam containing a new version of CryptoLocker. The message is a very simple plain-text email pretending to be a fax delivered by email, as seen in the example below. I would like to point out that, in an effort to evade filters or at least make blocking these a bit harder, the spammer has been giving potential victims DropBox links, similar to other virus campaigns that have used legitimate, especially free, services to hide their malware. In this instance it would appear that DropBox does not scan their stored files for malware, and CryptoLocker is taking full advantage of this. Hopefully they will correct this soon.

It is strongly suggested that you delete this message and remove it from your Trash to avoid any accidental interaction with the link it contains. This is a very malicious and nasty bug. It not only encrypts local files, but also seeks out attached storage and network shares and encrypts everything on those as well. It then prompts the user to pay a ransom to decrypt the files.

It is recommended that anyone infected ignore those prompts and instead isolate the affected machines from their networks and restore them from backups. This is a very complex encryption and removal has evaded everyone so far. On top of that, the malware itself is currently being detected by only 1 out of 51 Anti-Virus solutions. If something appears wrong or out of place, avoid it!

This particular version requires the recipient of the email to click on the DropBox link to retrieve a Zip file. The Zip file must then be opened. Inside is a file named Fax-932971.scr. Note the screensaver (.scr) extension. Once the file is extracted from the Zip, it appears with a PDF icon. For additional information on how to deal with CryptoLocker, visit's guide here.
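The delivery pattern described above (a Zip holding a .scr file that shows a PDF icon) can be checked mechanically before anyone opens the archive. The following Python is an added example, not our filter rules or code from the original article; the extension list and the function names are assumptions for illustration, and the sample archive is constructed from harmless placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs as programs; .scr is the one used in this campaign.
# The list is an illustrative assumption, not a complete or official set.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def flag_zip_members(zip_bytes):
    """Return (member name, reason) for each entry that deserves blocking."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = PurePosixPath(name.replace("\\", "/")).suffix.lower()
            if ext in EXECUTABLE_EXTS:
                findings.append((name, "executable extension " + ext))
            elif info.flag_bits & 0x1:
                # Password-protected entry: the content cannot be checked.
                findings.append((name, "encrypted entry, content not inspected"))
            else:
                # Windows PE programs start with "MZ" whatever the name says.
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ":
                        label = ext or "(none)"
                        findings.append((name, "PE header behind extension " + label))
    return findings


def build_sample_zip(members):
    """Build a constructed in-memory Zip from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample: only the names and the two-byte "MZ" marker mimic the
# attachment described in the article; the rest is zero padding.
SAMPLE = build_sample_zip({
    "Fax-932971.scr": b"MZ" + b"\x00" * 62,
    "cover-note.txt": b"You have received a new fax.",
    "scan.pdf": b"MZ" + b"\x00" * 62,
})

if __name__ == "__main__":
    for member, reason in flag_zip_members(SAMPLE):
        print(member + ": " + reason)
```

The icon a file displays comes from resources embedded in the program, so only the extension and the file header are reliable signals; neither check depends on Anti-Virus signatures.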


We are currently taking steps to adjust the filters on our end to capture similar emails going forward. If at any time you are skeptical of an email you have received, please feel free to reach out to us for assistance. You can also find some additional steps on how to handle suspicious emails here.



