A new malspam campaign is underway that is pretending to be PDF receipts, but instead installs the GandCrab ransomware on a victim’s computer. This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script. The start of the chain of events that lead to the installation of the. infection is when a victim receives an email with a subject like “Receipt Feb-078122″”. When opened
Source: