Friday, September 2, 2016

Beware email with .DOCM or .DOCX (Microsoft Word) documents attached

According to FireEye, the strain of ransomware called Locky resurfaced a few weeks ago. If you click the Word document attached to the Locky email, it runs a program that encrypts all your files, renaming each with the .locky extension. You have to pay up to get the decryption key that restores your files.

Below are screenshots of sample Locky ransomware emails. For a better view, go to the FireEye article at https://www.fireeye.com/blog/threat-research/2016/08/locky_ransomwaredis.html.


A new variant reported three days ago in the SANS ISC InfoSec Forums uses the subject line "Transaction details." While the email generally looks the same as those pictured here, the attachment is a ZIP file containing a compressed Windows Script File (.wsf).
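For mail administrators, the two attachment types described above (a Word document carrying macros, and a ZIP file containing a .wsf script) can be flagged before delivery. The following Python is an added example, not code from this post or from FireEye; the function names, the sample filenames and the extra .js/.vbs extensions are assumptions, and the sample message is constructed with inert placeholder contents.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .wsf comes from the post; .js and .vbs are assumed additions (other Windows script types).
SCRIPT_EXTS = (".wsf", ".js", ".vbs")

def inspect_attachment(name, data):
    """Return the reasons an attachment should be quarantined (empty list = none found)."""
    reasons = ["macro-enabled Word extension"] if (name or "").lower().endswith(".docm") else []
    try:  # .docx/.docm are ZIP containers, so they are opened the same way as a .zip
        members = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        members = []  # not an archive; only the filename check applies
    for member in members:
        if member.lower().endswith("vbaproject.bin"):  # where Office stores VBA macros
            reasons.append("contains VBA macro project")
        elif member.lower().endswith(SCRIPT_EXTS):
            reasons.append("archive contains script: " + member)
    return reasons

def scan_message(raw):
    """Map attachment filename -> reasons, for each flagged attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        reasons = inspect_attachment(part.get_filename(), part.get_payload(decode=True) or b"")
        if reasons:
            findings[part.get_filename()] = reasons
    return findings

def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

def build_sample():
    """Constructed test message; every attachment body is an inert placeholder."""
    msg = EmailMessage()
    msg["Subject"] = "Transaction details"
    msg.set_content("See attached.")
    samples = {"invoice.docx": {"word/document.xml": "<w/>", "word/vbaProject.bin": "x"},
               "details.zip": {"details.wsf": "placeholder"},
               "notes.docx": {"word/document.xml": "<w/>"}}
    for fname, members in samples.items():
        msg.add_attachment(_zip(members), maintype="application", subtype="zip", filename=fname)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags `invoice.docx` (macros hidden behind a .docx name) and `details.zip`, and leaves the macro-free `notes.docx` alone.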

Any time you receive an email from anyone that contains an attachment or links, stop and take your hands off your mouse and keyboard. You do not want to click anything that is even remotely suspicious or unexpected. When in doubt, delete.

For more information, see "Locky" ransomware - what you need to know.
