According to a recent Trend Micro report, a new ransomware campaign  has been spotted doubling-up its attack vector by infecting its victims first with Locky and again with the malware variant FakeGlobe.

Locky is one of the most prolific and successful ransomware variants, as its hackers continue to modify the virus to avoid being cracked. In fact, healthcare turns out to be one of its biggest targets. FakeGlobe was discovered early this year and traditionally launches low-profile attacks by email.

Hackers are combining these variants to maximize ransoms. If a user clicks on the malicious link, it would deliver one of the ransomware variants and again with the other strain soon after. This new campaign is particularly dangerous for victims who pay the initial ransomware and soon become infected again.

Researchers said this latest campaign uses highly sophisticated distribution methods and have impacted users in over 70 countries. Trend Micro officials said researchers blocked as many as 298,000 spam emails.

Further, hackers are launching attacks to coincide with work hours, which is the most effective method for spam campaigns.

Like many ransomware campaigns, the recent method uses emails that appear valid with a malicious .zip file attached. Both the Locky and FakeGlobe lure victims with fake invoices. FakeGlobe features a support page to help victims pay the ransom.