SC Magazine - Major malspam campaign pushing Locky ransomware via spoofed internal email addresses

A large malspam campaign using spoofed email addresses has attempted to infect recipients with Locky ransomware in roughly 20 million detected attacks since Tuesday, researchers from Barracuda Networks have reported.According to Fleming Shi, Barracuda's senior vice president of advanced technology engineering, it appears that the bot behind the campaign is able to generate fake email addresses that make it look as if the offending email is arriving internally from the recipients' own organization. "This makes it a little more likely people will click on it," said Shi, speaking with SC Media.