In the immediate aftermath of a major data breach, cybercriminals will often look to take advantage of the situation by sending phishing emails warning people their credentials aren't safe and that they must login through a malicious link to ensure they're safe - when clicking through will just add to their problems.
The hack at the federal agency saw the theft of personal details of 22 million people and researchers at PhishMe have spotted hackers playing on fears of victims that they're still at risk of fraud and identity theft - and are using fear in an attemp to trick them into allowing ransomware to encrypt their files.
The targets of these hackers are sent an email which claims to be from the OPM warning of "suspicious movements" in their bank account, with a ZIP attachment purporting to contain information about their records.
"The Locky threat actors once again demonstrate their unscrupulous nature and willingness to exploit the misfortune of others at any step in their delivery and infection process," says Brendan Griffin, threat intelligence manager at PhishMe.
Previously an attack method which was more focused on individual users and home networks, ransomware is now targeting more and more businesses; they're bigger targets and the perpetrators are often able to demand higher ransoms to unencrypt the files.
But it isn't just large organisations which are targeted by ransomware; small and medium sized businesses are attacked by it too and more so than ever before; figures from Kaspersky Lab, small businesses faced eight times more ransomware attacks during the third quarter of 2016 than they did during the same period last year.
According to the Kaspersky Security Network, 27,471 attempts to block access to corporate data were detected and repelled by Kaspersky software in Q3 2016, compared to 3,224 similar attacks in the same period of 2015.