The Indian Computer Emergency Response Team on Saturday issued an alert warning people about the spread of an email-based ransomware identified as Locky. The alert said the ransomware spreads through spam mails to breach server security and demands a bitcoin ransom to allow users to unlock it.

Locky is currently in circulation through over 23 million messages which include common subjects like “please print”, “documents”, “photo”, “Images”, “scans” and “pictures”, the alert said. “The messages contain ‘zip’ attachments with Visual Basic Scripts embedded in a secondary zip file,” the warning said. “The VBS file contains a downloader which polls to the domain ‘greatesthits[dot]mygoldmusic[dot]com’ to download variants of Locky ransomware. Please do not visit this malicious website.”

Cert-In is the Ministry of Electronics and IT’s nodal agency which handles cyber security threats by collecting, analysing and spreading information on challenges or breaches in the field. It has listed several ways to avoid falling prey to the ransomware. The team has advised keeping regular backups of important data on separate devices and updating anti-virus software on the systems.

The team had first issued an advisory against Locky in 2016.

In August, IT minister Ravi Shankar Prasad had told members of the Lok Sabha that Cert-in had reported 65 ransomware breaches between 2014 and 2017, Mint reported.