Researchers are warning that miscreants have sent a massive amount of phishing emails that will attempt to download the Locky ransomware and encrypt user files.
Security vendor AppRiver said it has seen more than 23 million messages sent in the attack. It claims the campaign is one of the largest ransomware attacks seen so far.
The email messages are non-descript with subject lines such as "please print", "documents" and "scans", AppRiver said.
Clicking on the ZIP compressed attachment launches a Visual Basic Script file that downloads Locky and executes the ransomware.
Locky encrypts files on victims' computers, appending the .lukitus suffix to them. Users are instructed to pay a ransom of 0.5 Bitcoin (A$2975) to decrypt the files.
Victims are asked to install the anonymising The Onion Router (TOR) network browser, which takes users to a decryption service if they pay the ransom. Whether or not the attackers will provide a working decryptor after being paid is unclear.
Locky has been active since early 2016 and has been updated this year. It spreads as an attachment to spam emails.
There is currently no way to decrypt the scrambled files created by the Locky Lukitus variant.