Emails asking employees to download and run a ‘ransomware system update’ were sent from newly created domains controlled by cybercriminals. The emails are rather convincing: they appear to come from the company help desk staff, contain no egregious grammar or spelling errors, and come quickly to the point. The delivered payload was, unfortunately, the Cobalt Strike penetration testing tool, a tool loved by many attackers. The payload is detected as a possible threat by quite a few AV solutions, but not by most of them.
Source: https://www.helpnetsecurity.com/2021/06/07/ransomware-system-update-emails/

