Ransomware is attacking Amazon users through a spear phishing email campaign. This is a massive and scary phishing email attack that targets Amazon users. Researchers have found that this ransomware-spreading campaign is the biggest campaign of this year.

Locky Ransomware Attacking Amazon Users:

Comodo Threat Research Lab’s team reported this campaign. The director of Comodo Research Lab, Fatih Orhan, said of the campaign that the attack occurred on May 17, 2016 and lasted for 12 hours. Within those 12 hours, more than 300 million spam messages were sent to people; these spam messages claim to be an update from Amazon on their shipping-order system.

How Is Locky Ransomware Attacking Amazon Users?


This campaign targets Amazon users who use Microsoft Word. Amazon users are getting emails from the email address auto-shipping@amazon.com. The emails come with the subject “Your Order Has Been Dispatched With Order #123”. The body of the email is blank, but a Microsoft Word file is attached to it. When someone opens the attached file, it asks them to enable macros in order to view the attachment; if they enable macros, a JavaScript runs in the background and downloads the Locky ransomware onto the computer.
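As an added example (not from the original article or from Comodo), the Python below screens a raw message for the traits described above: a blank body, an Office attachment that carries a macro project, and an Amazon sender address without a DKIM pass. The sample message, the attachment name `order_123.docm` and the reliance on an `Authentication-Results` header are assumptions; the attachment is a harmless stub.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls files

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip-based) Office file carries a VBA macro project."""
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return False
    return any(n.lower().endswith("vbaproject.bin") for n in names)

def triage(raw: bytes) -> list:
    """Return the reasons a raw message matches the pattern described above."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        reasons.append("blank body")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if has_vba_project(data):  # judged by content, not by file name
            reasons.append(f"{name}: contains a VBA macro project")
        elif data.startswith(OLE_MAGIC):
            reasons.append(f"{name}: legacy OLE file, may carry macros")
    # Assumption: the receiving mail server stamps Authentication-Results.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if "@amazon." in str(msg.get("From", "")).lower() and "dkim=pass" not in auth:
        reasons.append("claims an Amazon sender without a DKIM pass")
    return reasons

def build_sample() -> bytes:
    """Constructed sample: the attachment is a harmless stub, not a real macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"stub")
    m = EmailMessage()
    m["From"] = "auto-shipping@amazon.com"
    m["Subject"] = "Your Order Has Been Dispatched With Order #123"
    m.set_content("\n")  # blank body, as the campaign's emails had
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="order_123.docm")
    return m.as_bytes()
```

`triage(build_sample())` returns one reason per matched trait; an empty list means none of the three traits were present.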


Once Locky ransomware is installed on a computer, it encrypts all the data stored on it. The encrypted data cannot be unlocked unless you pay the ransomware’s owner. Ransomware campaigns have become a headache for computer users these days because there are free decryption options for only some ransomware, such as Jigsaw Ransomware, the ESET TeslaCrypt Decryptor, which decrypts TeslaCrypt Ransomware, the CryptXXX Ransomware Decrypter, and the Petya Ransomware decryptor tool. Other ransomware, such as AlphaLocker ransomware and Locky ransomware, cannot be decrypted yet.

This is not the first time that Locky ransomware has spread through an email campaign. Before this campaign, Trustwave’s security research team also reported an email attack campaign in March 2016. In that campaign, the Locky ransomware was spread by sending spam emails containing a payload and JavaScript.


Some Security Tips To Stay Safe From The Locky Ransomware Campaign:


  1. Every malicious email that contains a macro will push you to enable macros. We suggest that you do not enable macros in Microsoft Word until you have verified that the email comes from a trusted person or network.
  2. Stay aware of this type of campaign by visiting internet security websites.
  3. Always keep your antivirus or cloud protection up to date, which will stop these kinds of spam emails.
  4. Amazon users can report any phishing email, which helps Amazon alert all its users.