Over the past few days we have started to notice a larger than normal number of emails containing a link that downloads a .zip attachment with a .js file inside. This is the downloader for the actual payload which then encrypts the files.
Some of these emails are incredibly believable and appear at first glance to be genuine, see below:
The first link in this mail is the malicious one whereas the others will take you to genuine Xero sites.
Please be aware and educate your users. If you are worried about the threat of ransomware then please get in touch and find out how we can help you protect your business.