In the last couple of days we detected a high number of distribution campaings for the Ransomware/Cryptol0cker.
Received files are in particular .js and .doc and the e-mail subject has the prefix “Contratto” and 6 decimal numbers:
Files’ name enclosed have the following pattern:
Files execute the Ransomware/Cryptol0cker at the following URL:
Downloaded file has the following MD5: