Proofpointhas detected a large CryptFile2 ransomware email campaign that appears to be targeting mainly primary state and local government agencies and education institutions in the USA. The campaign involves the sending of emails which embed malicious URLs that lead recipients to download Microsoft Word documents. Once opened, these documents trick users into enabling malicious content, which, in turns, downloads the final ransomware payload. The campaign started with hundreds of thousands of spam emails on 3 August, and has continued with several thousands emails over the following days. Proofpoint warns that entities which do not update their security mechanisms to detect and stop such malicious campaigns face the risk of having to pay the requested ransom for recovering their files.