From CERT.pl:
During the SECURE conference, we presented a talk outlining actions performed by a group of criminals, which we have called “The Postal Group”. Their name is derived from the fact that they masquerade their phishing attacks as messages from the post office. This phishing then leads to either cryptolocker or a banking trojan. This group also has some connections to the authors of Slave and Banatrix malware. All of our findings are compiled into a report, which can be downloaded from: