New Locky Ransomware campaign uses Windows application-linking feature built into Windows. Attackers are using the feature to infect PCs via malicious Microsoft Word documents. Locky attacks debuted in 2016, but they diminished sharply at the beginning of the year before storming back in August. The latest Locky campaign has been launched by the prolific Necurs botnet, which has long been used by attackers to fling malicious spam, banking Trojans and ransomware – including Jaff – at potential victims. At the current sky-high valuation paying a 0.25 bitcoin ransom would cost $1,400.”]
Source: https://www.cuinfosecurity.com/locky-ransomware-spam-infects-via-microsoft-office-a-10392