As of February 2016, there is a new strain of malware circulating the internet, hidden in infected Microsoft Word documents. This ransomware, known as “Locky,” arrives in an user’s inbox as an email with a Microsoft Word document attached, containing malicious macros. Once enabled, the macros will scramble and encrypt files and the user must either pay a ransom, or hope that a recent backup will prevent any lost data.
How to Identify an Email Containing Locky
According to KnowBe4’s security awareness training blog, an email with ransomware will have a subject line similar to "ATTN: Invoice J-99223146" and a message such as "Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice." The content of the word document will appear scrambled and illegible with various fonts and symbols, and the top of the document will prompt the user to enable macros in order to read the document.
Screenshot of infected word document, courtesy of KnowBe4: