Insights For Success

Strategy, Innovation, Leadership and Security

Locky Ransomware is king of SPAM emails

General | Edward Kiledjian

Image by Yuri Samoilov used under creative commons license

We had lower-than-normal SPAM numbers for the last couple of quarters, but the evil scourge of the internet is back with a vengeance. Company CISOs and personal users have probably noticed a recent rise in emails containing variants of the Locky ransomware (file-encrypting malware).

The number of SPAM emails containing malware reached an all-time high, according to Proofpoint's Q3 2016 report.

Proofpoint Q3 email badware statistics

Proofpoint said Locky was found in 96.8% of all malicious SPAM attachments. The vast majority contained a ZIP file containing a JavaScript file. We also saw Office documents containing malicious scripts, HTA files and WSF files.

Definitions:

  • HTA: HTML Application
  • WSF: Windows Scripting File
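For defenders, the attachment types listed above translate into a simple mail-gateway check. The following is an added example, not code from the original post or from Proofpoint: it walks a message's attachments, unpacks ZIP archives (including nested ones) and reports any script files inside. The extension list beyond .js, .hta and .wsf, the depth and size limits, and the sample message are assumptions made for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .js, .hta and .wsf are named in the post; .jse, .vbs and .wsh are related
# Windows Script Host types added here as an assumption.
SCRIPT_EXTS = {".js", ".jse", ".hta", ".wsf", ".wsh", ".vbs"}
MAX_DEPTH = 3                 # assumed limit on nested archives
MAX_MEMBER = 5 * 1024 * 1024  # assumed per-file cap, avoids zip bombs

def scan_blob(name, data, depth=0):
    """Return script files found in one attachment, recursing into ZIPs."""
    found = [name] if os.path.splitext(name)[1].lower() in SCRIPT_EXTS else []
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return found
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:  # encrypted or oversized
                    found.append(f"{name}!{info.filename} (uninspected)")
                    continue
                inner = scan_blob(info.filename, zf.read(info), depth + 1)
                found += [f"{name}!{hit}" for hit in inner]
    except (zipfile.BadZipFile, NotImplementedError):
        found.append(f"{name} (unreadable archive)")
    return found

def scan_message(raw):  # raw RFC 5322 message as bytes
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        hits += scan_blob(part.get_filename() or "unnamed",
                          part.get_payload(decode=True) or b"")
    return hits

def build_sample():
    """Constructed message: invoice.zip > inner.zip > scan_001.js (inert text)."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("scan_001.js", "// inert placeholder")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("inner.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(outer.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Members that cannot be inspected (password-protected or oversized) are reported rather than silently passed, since an unreadable archive is itself a reason to quarantine.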

Other "fun" things found in these malware bundles included:

  • Pony Infostealer
  • Vawtrak banking Trojan
  • Tordal malware dropper
  • Panda Banker banking Trojan
  • CryptFile2
  • MarsJoke
  • Cerber

It's not all bad... exploit kit activity is down 93% compared to the start of 2016.