Security experts at SophosLabs have uncovered a terrifying new ransomware campaign that could hijack your PC and all its files if you simply open an email attachment. The malware was covered on the SophosLabs Naked Security blog.
The hackers send the target a PDF with a document attached inside it, which Acrobat Reader will try to open. Once that document is opened in MS Word, it asks you to enable editing, which is a social engineering trick. Enabling editing runs a VBA macro, which downloads and runs the Locky crypto ransomware, locking the device. Once the malware hits the PC, the hackers demand a large ransom to release the files.
The ransomware in this case appears to be a variant of the infamous Locky malware, which wreaked havoc across the world earlier this year.
Most antivirus filters know how to recognize suspicious macros in documents, but hiding those documents inside a PDF could be a successful way to sidestep them.
However, unlike most hacking campaigns, this new ransomware hides not within just one malicious file but within dual layers, making it even tougher to detect.
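To make the two layers concrete, here is a triage sketch, added as an illustration and not taken from SophosLabs, that looks inside a PDF for an embedded file stream and reports whether it is an Office document carrying a VBA project. The function names are hypothetical, the parsing is a deliberately simple heuristic, and the sample PDF is constructed with dummy content.

```python
import io, re, zipfile, zlib

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")      # legacy .doc/.xls container
VBA_OLE_MARK = "_VBA_PROJECT".encode("utf-16-le")  # stream name in an OLE VBA storage
STREAM_RE = re.compile(rb"<<(.*)>>\s*stream\r?\n(.*?)endstream", re.S)

def classify(payload):
    """Return (container, has_macros) for an Office payload, else None."""
    if payload.startswith(OLE_MAGIC):
        return ("ole", VBA_OLE_MARK in payload)
    if payload.startswith(b"PK\x03\x04"):
        try:
            names = zipfile.ZipFile(io.BytesIO(payload)).namelist()
        except zipfile.BadZipFile:
            return None
        if "[Content_Types].xml" in names:         # marks an OOXML package
            return ("ooxml", any(n.endswith("vbaProject.bin") for n in names))
    return None

def embedded_office_docs(pdf):
    """Scan each PDF object for an /EmbeddedFile stream holding an Office file."""
    hits = []
    for obj in pdf.split(b"endobj"):               # naive object split, triage only
        m = STREAM_RE.search(obj)
        if not m or b"/EmbeddedFile" not in m.group(1):
            continue
        body = m.group(2)
        if b"/FlateDecode" in m.group(1):          # other filters are not handled
            try:
                body = zlib.decompressobj().decompress(body)
            except zlib.error:
                continue
        verdict = classify(body)
        if verdict:
            hits.append(verdict)
    return hits

def build_sample(with_macro):
    """Constructed input: a PDF fragment embedding a dummy Word package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"dummy bytes, not real VBA")
    data = zlib.compress(buf.getvalue())
    head = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n2 0 obj\n"
    dic = b"<< /Type /EmbeddedFile /Length %d /Filter /FlateDecode >>\n" % len(data)
    return head + dic + b"stream\n" + data + b"\nendstream\nendobj\n%%EOF\n"
```

A result such as `("ooxml", True)` from a PDF email attachment is a strong reason to quarantine it for closer inspection, since the scanner that checks Word files for macros may never have seen the inner document.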
There are things people can do to better protect themselves from this sort of thing:
This includes making and keeping regular back-ups of your files and ensuring a copy is kept somewhere off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
Users should also ensure their software is kept updated with regular security patches, as many malware attacks rely on exploiting bugs in programs such as Word. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit. In the case of this attack, users want to be sure they are using the most up-to-date versions of their PDF reader and Word.
Don’t enable macros in document attachments received via email. Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!
Finally, everyone should always be cautious about opening attachments in emails, particularly those from addresses or people you don’t recognise. The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.
Use Sophos Intercept X, which stops ransomware in its tracks by blocking the unauthorized encryption of files.
The news marks the second malware campaign to target Microsoft Word in recent weeks.
Earlier this month, McAfee warned about a new type of exploit that was targeting all versions of Microsoft Office, including the version of Office 2016 that runs on Windows 10.