
Locky Ransomware Dominated as Top Malware Threat During Second Quarter of 2016

There is no doubt that ransomware has been among the most aggressive and most popular malware throughout 2015 and into 2016. Among the fast-growing list of new encryption-type ransomware, a few notable threats have dominated the malware landscape. The one that stands out among all ransomware is Locky, which has accounted for 69% of all spam malware, according to security vendor Proofpoint’s latest quarterly report.

Ransomware has primarily been distributed through spam messages. Considering that spam distribution rates were at record numbers all during 2016, it is no surprise that Locky Ransomware is the top malware threat for the second quarter of 2016.

As revealed in Proofpoint’s quarterly report on Q2 of 2016, Locky Ransomware gained precedence each week of its existence with the help of record numbers of spam messages. Hundreds of millions of spam messages were circulated around the world each day during Q2 of this year, and many of those messages included malicious attachments in ZIP file format that contained Locky Ransomware.

Locky Ransomware is a threat that uses an aggressive file encryption algorithm to encrypt files and hold an infected computer for ransom. The ransom notification from Locky Ransomware has been known to demand payment of hundreds of dollars for the decryption key needed to restore all the files that it has encrypted and tagged with a .locky file extension.

To help spread spam messages that contain Locky Ransomware, cybercrooks initiated a botnet campaign that consisted of infecting several computers with specialized malware to help distribute malicious emails. The botnet, dubbed Necurs, was primarily responsible for initially spreading Locky Ransomware. The botnet was shuttered for about three weeks, but later in June of this year it was brought back to life when its command and control (C&C) servers came back up to dish out new commands to spread Locky.

There were other botnets and exploit kits responsible for spreading ransomware on a vast scale. Among them, Angler, Nuclear, and Necurs were all shut down at one time or another, which slowed the spread of ransomware as a whole. Unfortunately, many persistent channels for spreading ransomware remain, including for Locky Ransomware, which has had a rebirth through exploit kits that assist cybercrooks with distribution.

Malicious JavaScript files inside ZIP file attachments in spam messages are the culprit in effectively spreading Locky Ransomware and other popular ransomware, such as CryptXXX.

After its latest increase in infection rates during Q2 2016, Locky Ransomware replaced Dridex as the most prevalent malware spread by spam. Coming in after Locky is CryptXXX Ransomware, which has also spread by other methods, such as through compromised website exploits.

Locky Ransomware remains one of the most prevalent types of malware this year, though we wouldn’t be surprised if Locky is eventually dethroned in the months to come by another ransomware or potentially an updated version of Locky. Until then, we urge computer users to use caution when opening emails that appear suspicious and to use the spam filters in their email client and/or software.



This post first appeared on SpywareRemove; please read the original post: here
