28th August 2016
Posted at SANS 23rd August by Xavier Mertens for SANS Internet Storm Center: Voice Message Notifications Deliver Ransomware. Despite coming from ‘voicemail@*’ and the attachment having the filename extension ‘wav.zip’, these are not sound files but, apparently, ransomware. A more recent VirusTotal report than that cited in the report indicates that many vendors are associating the campaign with Nemucod.
Nemucod is now broken out into its own resource page on this site.