In the last 30 minutes we’ve been targeted by Locky with emails in native language for the domain recipient. They successfully bypass most antivirus again, and work against Microsoft Outlook environments.
The emails look like this, i.e. a real business email:
The payload is Locky, with approximately 5% detection of the payload right now. See my prior posts on Locky.