When the ransomware Locky was first discovered in early 2016, it relied on a malicious macro embedded in Microsoft Word (MS) documents as its main distribution technique. After a brief campaign hiatus, a new variant of Locky (Detected by Trend Micro as PDF_LOCKY.A) has emerged that uses a macro-enabled Microsoft Word document nested within a PDF file as a new propagation method.

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-recap-locky-returns-cerber-evolves-anew