In the case of the Locky ransomware, all files on the affected computer are encrypted until a ransom is paid.
When the file is opened, users were prompted to install an extension. This extension downloads the Nemucod downloader which can spread the malware, which then encrypts the files.
Users should never download attachments from people they don’t know, or open those attachments with unusual file extension such as svg, js or hta. If the extension is downloaded, do not open them.