SANS reports ransomware impersonating voice messages

28th August 2016

Posted at SANS 23rd August by Xavier Mertens for SANS Internet Storm Center: Voice Message Notifications Deliver Ransomware. Despite coming from ‘voicemail@*’ and the attachment having the filename extension ‘’, these are not sound files but, apparently, ransomware. A more recent VirusTotal report than that cited in the report indicates that many vendors are associating the campaign with Nemucod.

Nemucod is now broken out into its own resource page on this site.

David Harley

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.