In the past week we have seen a resurgence of Locky malware emails. Some examples of the attachment filenames (there are many variations): DETAILS_%username%_291866.ZIP->extracted file: unpaid-166.js  %username%_ADDITION_744341.ZIP-> extracted file:addition-0106.js %username%_INVOICE_337060.ZIP-> extracted file:unpaid-643.js SERVICES_%username%_793350.ZIP-> extracted file:addition-3247.js %username%_SCANNED_869621.ZIP-> extracted file:unpaid-6981.js %username%_UNPAID_116521.ZIP-> extracted file:unpaid-8255.js legend: %username% = local part of the email address