A newly observed spam campaign is spreading a ransomware variant known as Sage 2.0 that is demanding a $2,000 ransom for the decryption key. The malicious messages have a ZIP attachment that contains a Word document with malicious macros that once executed download and install the Sage ransomware. Sage is considered a variant of CryLocker ransomware, it is being distributed by the Sundown and RIG exploit kits. The current campaign also uses steganography to exfiltrate information about the victims PC inside a PNG image.”]
Source: https://securityaffairs.co/wordpress/55650/malware/sage-2-0-ransomware.html