Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn t actually encrypt. The campaign includes several different emails that all use social engineering around payment receipts to encourage people to click on an attached file that appears to be a PDF but that actually has malicious intent. The attached file in all these cases is not a PDF at all, but instead connects the system to a malicious domain to download the malware, which then connects to a C2 server.
Source: https://threatpost.com/email-campaign-fake-ransomware-rat/166378/