The security researchers have recently discovered a new malware named as “lucky” which encrypt files of the victims and asked payment in bitcoin for the key to decrypt files. This malware is installed to root user’s machine through word documents.
Security researchers Kevin Beaumont and Lawrence Abrams each wrote an analysis of Locky, detailing how locky installs itself and its components. An attacker sends document carrying malware which arrives in an e-mail of victim that claims to be delivering as an invoice (with a subject line that includes an apparently random invoice number starting with the letter J). When the document is opened, if Office macros are turned on in Word, then the malware installation begins. If not, the victim sees blocks of garbled text in the Word document below the text, “Enable macro if the data encoding is incorrect”—and then infects the system if the user follows that instruction. Locky Ransomware uses AES to encrypt Local Files and Unmapped Network Shares.
– See more at: http://blog.rigotechnology.com/2016/02/21/locky-ransomeware/#sthash.peCHVPPm.dpuf
Today security researcher publish more than 600 infected machine decryption key of locky ransomware if your machine was or is infected with locky ransomware than go through the link.