The SANS ISC shares an interesting & in-depth analysis of how a “Lost Files” Ransomware attack used same fake email message a former virus was packaged in years ago.

https://isc.sans.edu/forums/diary/LostFiles+Ransomware/25382/

Malware developers don’t reinvent the wheel and re-use code published here and there. I spotted a ransomware which looked like a former Microsoft based email attack. Once processed, files are renamed with the extension ‘.Lost_Files_Encrypt‘. Apparently, the ransomware started to scan for SMB services (TCP/445) on random IP addresses after the initial infection. Probably trying to infect host vulnerable to EternalBlue.