Black Friday and Cyber Monday Spam Messages Distribute Ransomware

Microsoft has warned users that computer criminals are distributing dangerous ransomware as part of the Black Friday and Cyber Monday sales.

Microsoft Warns About Black Friday and Cyber Monday Ransomware Campaigns

Microsoft experts have uncovered that computer criminals are abusing the craze around the Black Friday and Cyber Monday sales by sending spam email messages to unsuspecting users which distribute dangerous ransomware.

The hackers have used the names of Amazon and other online retailers to fool the users into infecting themselves with ransomware. A sample email message excerpt contains the following text:

Dear Customer,

Greetings from,

We are writing to let you know that the follwing item has been sent using FedEx.

For more information about delivery estimates and any open orders, please visit

Your order #XXX-XXXXXXX-XXXXXXXX (received November 8, 2016)

Your riht to cancel:
At Amazon.comwe want you to be delighted every time you shop with us. O=ccasionally though, we know you may want to return items. Read more about o=our Return Policy at:

Further, under the United Kingdom’s Distance Selling Regulations, you have = the right to cancel the contract for the purchase of any of these items wit=hin a period of 7 working days, beginning with the day after the day on whi=ch the item is delivered. This applies to all of our products. However, we = regret that we cannot accept cancellations of contracts for the purchase of= video, DVD, audio, video games and software products where the item has be=en unsealed. Please note that we are unable to accept cancellations of, or r=eturns for, digital items once downloading has commenced. Otherwise, we can= accept returns of complete product, which is unused and in an “as new” con=dition.

Our Returns Support Centre will guide you through our Returns Policy and, w=here relevant, provide you with a printable personalised return label. Ple=ase go to to use our Returns Suppor=t Centre.


The messages contain malicious ZIP archive attachments which appear to contain order information. In reality these files contain dangerous payloads, in many cases ransomware and Trojans that pose a serious threat to the computer owners.

Several of these messages have been used to distribute the Locky threat.

The online retailers have already taken measures against such attacks by posting comprehensive guides and articles that help their customers to distinguish between legitimate and counterfeit emails.

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *