Early this week, many employees received an email with the subject “img”, as entire content “Sent from my Lenovo” and as attachment malware with a name like “IMG_0112201135_2015 JPEG.cab”. A “.cab” file is a compressed archive, similar to a zip file. Because people on Windows PCs usually do not see file extensions, this seems to be a picture (JPEG) to them, but it is a “….JPEG.exe”. Double clicking on the fake picture infects the computer by executing the “.exe”. Therefore C&CZ changed the MIMEDefang filter on the Science mailserver to remove “.cab” attachments from mails, as has been done for years with other dangerous extensions like “.exe”. When a user fell for this malware all kinds of files were encrypted by the malware and the user was notified about a ransom that had to be paid to decrypt the files. This could be fixed by reinstalling the PC and restoring a backup of before the encryption. As of today, this malware is also detected by F-Secure. Idea: change your Windows settings not to hide file extensions.