Crooks are spamming out a new variant of the infamous Locky ransomware.

More than 14 million virus-laden emails have gone out so far, according to web security firm AppRiver.

These spam messages come with a booby-trapped .zip file attachment that poses as an invoice or letter of complaint to a targeted organisation but actually contains malicious JavaScript.

Victims who open the attachment on a Windows PC end up with an infected machine and scrambled files. The latest attack has switched from appended the .SH*T extension to encrypted files to using the .THOR extension instead, according to Bleeping Computer. ®