Locky ransomware had mysteriously vanished. Indeed, for a while, it completely disappeared and allowed for Cerber to take the number one spot as the most distributed piece of ransomware (and malware for that matter). However, the group controlling the Necurs botnet has just opened the spam floodgates again and is pumping out fake documents that deliver the nasty Locky ransomware right before going into the weekend. The attack relies on users opening up malicious attachments that will appear legitimate. Many studies have shown that users are often the weakest link in an attack chain and criminals know that too well. Malwarebytes protects against this attack at various layers including macro and ransomware mitigation, and neither of those required any signature update.