Freemor at
There is a Locky/ransomware deluge going on right now. I normally block IPs of hosts trying to spam out ransomware. (Always some compromised system rather than an actual SMTP server.) Normally I get to relax after blocking about 100 IPs: done, or at least down to a very small trickle.
This week I'm up to over 400 IPs and there is no sign of abatement. And they are coming relatively fast (several an hour). Now I could just ignore them as they are all blocked by my spam filter rules, but as they are a.) a compromised system and therefore undesirable, and b.) wasting bandwidth, I just prefer to blacklist the IP temporarily.
I don't know what they've changed, but best I can figure is they've set it up now so each new infection does an e-mail blast and then goes silent. I don't want to think this is true, because if it is, computers are getting infected at breakneck speed. I pondered if it was an IoT thing, but most of the stuff hitting my SMTP server seems to be from infected PCs or servers.
If I'm seeing this much on my tiny SMTP server I can't imagine the flood that must be hitting major e-mail providers.
Might be an IoT thing after all... Just tried telnet'ing back to one that just tried to spam me and got a "Login:" prompt. :/