On June 21, 2016, FireEye’s Dynamic Threat Intelligence (DTI)
identified an increase in JavaScript contained within spam emails.
FireEye analysts determined the increase was the result of a new Locky
ransomware spam campaign.

As shown in Figure 1, Locky spam activity was uninterrupted until June
1, 2016, when it stopped for nearly three weeks. During this period,
Locky was the dominant ransomware distributed in spam email. Now,
Locky distribution has returned to the level seen during the first half
of 2016.