Just a quick heads up warning. We are starting to see Locky, Kovter delivery emails trickling in this morning. The sites and payloads are the same as described in this post https://myonlinesecurity.co.uk/spoofed-fedex-and-usps-kovter-and-locky-sites/ It looks like the Locky gangs are gearing up for a mass malspam, but are getting the delivery systems fine tweaked and having a few problems. We always see errors and problems before a mass Locky onslaught. If they keep to the sites they have been using for the last month or so, it will be relatively easy to track them & block malware.
Date: Mon 16/01/2017 23:30 ( arrived 07:35 utc 17 /01/ 2017)