
Your Bill Is Not Overdue today!, (Thu, Oct 27th)


Just as little as yesterday's order that proceeded. It looks like today's ransomware subject is "Your Bill is Overdue". But then again, don't bother blocking it. Block ZIPed Visual Basic scripts. This round of Locky makes blocking a tad harder by using application/octet-stream as a Content-Type instead of application/zip.

(and about 2 hrs after publishing this diary, another small update: the Content-Type now changed to-) )

It may be safe to strip everything with an application/octet-stream attachment.

For the last 30 minutes, I received just about 1,000 attachments like that, and about 4000 total. The first one I received arrived just after 8 am UTC.

Anti-Virus coverage is spotty as usual. Kaspersky and Sophos seem to be doing a rather good job lately detecting the initial downloaders.

As usual, Xavier's mime-zip-trojan script does a beautiful job of keeping these attachments out of your inbox:

https://github.com/xme/toolbox/blob/master/mime-zip-trojan.pl
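
The filtering idea above, blocking on what the attachment contains rather than on its declared Content-Type, as an added Python sketch (not part of the original diary and not Xavier's mime-zip-trojan.pl). The function names, the extension list beyond Visual Basic scripts, and the sample message are assumptions constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: the diary names Visual Basic scripts; the other
# Windows Script Host extensions are an addition for this example.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")

def zipped_scripts(raw_message: bytes) -> list[str]:
    """Return names of script files found inside ZIP attachments.

    The declared Content-Type is ignored; each part is identified by
    its decoded bytes, so application/octet-stream does not hide a ZIP.
    """
    hits = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            continue  # looked like a ZIP but the directory is corrupt
        hits += [n for n in names if n.lower().endswith(SCRIPT_EXTS)]
    return hits

def build_sample(content_subtype: str, member: str) -> bytes:
    """Constructed test message: a ZIP holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "' constructed placeholder, not a real script\n")
    msg = EmailMessage()
    msg["Subject"] = "Your Bill is Overdue"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype=content_subtype, filename="bill.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for subtype in ("zip", "octet-stream"):
        print(subtype, zipped_scripts(build_sample(subtype, "bill_1234.vbs")))
```

A mail filter would quarantine or strip any message for which `zipped_scripts` returns a non-empty list; nested archives are not unpacked in this sketch.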

---
Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
