Tag Archives: Xavier Mertens

SANS reports ransomware impersonating voice messages

28th August 2016

Posted at SANS 23rd August by Xavier Mertens for SANS Internet Storm Center: Voice Message Notifications Deliver Ransomware. Despite coming from ‘voicemail@*’ and the attachment having the filename extension ‘wav.zip’, these are not sound files but, apparently, ransomware. A more recent VirusTotal report than that cited in the report indicates that many vendors are associating the campaign with Nemucod.

Nemucod is now broken out into its own resource page on this site.

David Harley