Locky ransomware changed its delivery technique, according to an analysis by IT security provider PhishMe.
The new two-step process causes users to infect their software system by downloading a PDF. Upon opening the PDF, recipients are asked whether they give permission for the PDF reader application to open a second file. This second file, which is extracted from the original PDF document, opens a Word document. The document then runs a macro script application, which infects the system.
These new Locky infections have requested one bitcoin as ransom. At the time of publication, one Bitcoin was worth more than $1,200, according to PhishMe.
Click here to view the full analysis.