Operators behind Locky ransomware campaigns have switched to new attack techniques to evade detection. One of the new techniques adopted by the crooks is the use of the Dynamic Data Exchange (DDE) protocol designed to allow data transferring between applications. DDE protocol allows an Office application to load data from another Office application, it was replaced by Microsoft with Object Linking and Embedding (OLE), but it is still supported. The threat actors delivered the spam messages through the Necurs botnet.”]
Source: http://securityaffairs.co/wordpress/64572/malware/locky-ransomware-via-dde-attacks.html