When the ransomware Locky was first discovered in early 2016, it relied on a malicious macro embedded in Microsoft Word (MS) documents as its main distribution technique. After a brief campaign hiatus, a new variant of Locky (Detected by Trend Micro as PDF_LOCKY.A) has emerged that uses a macro-enabled Microsoft Word document nested within a PDF file as a new propagation method.