Once considered almost dead, the Locky strain of ransomware has continued its resurgence with a new email distribution campaign, which researchers say is one of the largest malware campaigns of this half of the year.
Over 23 million messages containing Locky were sent in just 24 hours on 28 August, with the attacks spiking in time to hit US workers as they arrived at their desks on Monday morning.
The new campaign was discovered by researchers at AppRiver, who say it represents "one of the largest malware campaigns seen in the latter half of 2017".
Millions of emails were sent with subjects such as 'please print', 'documents' and 'scans' in an effort to spread Locky ransomware.
The malware payload was hidden in a ZIP file containing a Visual Basic Script (VBS) file, which, if clicked, downloads the latest version of Locky ransomware -- the recently spotted Lukitus variant -- and encrypts all the files on the infected computer.
While the delivery method might seem basic, it's worth remembering that only a handful of the millions of messages sent need to successfully deliver the malicious payload to provide the attackers with a significant profit.
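The delivery chain described above (a lure subject plus a ZIP attachment holding a script file) can be checked at a mail gateway before the message reaches a user. The following is an added example, not code from AppRiver or the article; the function names, the extension blocklist beyond `.vbs`, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lures quoted in the article; extend from your own telemetry.
LURE_SUBJECTS = {"please print", "documents", "scans"}
# Script types Windows Script Host runs on double-click (assumed blocklist).
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")


def scan_message(raw: bytes) -> dict:
    """Return the lure/attachment findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    findings = {"lure_subject": subject in LURE_SUBJECTS, "scripts": [], "unreadable": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the filename or declared MIME type.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.filename.lower().endswith(SCRIPT_EXTS):
                        findings["scripts"].append(f"{name}!{info.filename}")
        except zipfile.BadZipFile:
            findings["unreadable"].append(name)
    findings["quarantine"] = bool(findings["scripts"] or findings["unreadable"])
    return findings


def build_sample(subject: str, member: str) -> bytes:
    """Constructed test message: a ZIP attachment holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "' constructed placeholder, not malware\n")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="scan_0001.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample("Scans", "scan_0001.vbs")))
    print(scan_message(build_sample("Q3 report", "report.txt")))
```

The quarantine decision keys on the script inside the archive rather than on the subject line, since subjects change from campaign to campaign while the script-in-ZIP container is the part that actually executes.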
Victims unfortunate enough to succumb to Locky are presented with a ransom note demanding 0.5 bitcoin ($2,300/£1,800) to pay for "special software" in the form of a "Locky decryptor" in order to get their files back.
Instructions on downloading and installing the Tor browser and how to buy Bitcoin are provided by the attackers in order to ensure victims can make the payment.
But Locky has since had its position as king of ransomware usurped by Cerber, although this sudden resurgence shows that it remains very much a threat, especially as there isn't a free decryption tool available to victims.