The Necurs botnet slept for a few weeks, although researchers werent sure why. During that time period, there was a drop in spam emails that contained Locky ransomware attachments. The new campaign focuses on delivering downloaders for Locky via poisoned emails. The downloader used by Locky is written in JavaScript, so its simple to run and easy to open. Make sure not to open any attachments from suspicious invoices, especially if they have suspicious file names.”]
Source: https://securityintelligence.com/news/necurs-botnet-comes-back-from-the-dead/