Petronella Blog Archive

Ransomware in Microsoft Word

A new strain of ransomware has made its way into Microsoft Word documents. It's well hidden and, as of right now, undetectable by antivirus software.

Ransomware, if you're not yet aware, is a type of malware that encrypts the files on an infected computer and leaves only a message for the victim, giving them instructions on how to pay to get their files back.  The cost is usually around $500 in Bitcoins.

This new kind of ransomware, called Locky, is triggered by macros in Microsoft Word. The Word document is attached to an email, usually with a subject line about an overdue invoice or the like. When the document is opened, the text looks scrambled. A message prompts the user to click a button to run a macro if the text looks scrambled.

The macro, however, does not unscramble the text. Instead, it downloads and runs an executable file. As soon as that starts running, the files on the computer start being encrypted. Locky also encrypts files on any network the computer is on, so it's not only a danger to the person opening the Word document, but to anyone whose computer is on the same network.

The easiest, but also most unreliable, way to prevent a computer from becoming infected with Locky is to make sure your employees do not open unrecognized Word document attachments, and if they do, make sure they DO NOT run macros. Of course, you could just disable macros company-wide, but macros are still used by tons of users.

The best alternative is to have all of your users run macros only from a shared folder and to disable macros from anywhere else. It's not a perfect solution, but until malware detectors and employee knowledge catch up to the latest ransomware, it's a decent solution.
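
One way to set up the shared-folder approach described above, shown as an added example rather than a script from this post. It assumes Office 2016 or later (the `16.0` policy hive) and a hypothetical share, `\\fileserver\ApprovedMacros\`; in a domain the same values would normally be pushed through Group Policy instead of written per user.

```powershell
# Added example. Assumptions: Office 16.0 policy hive; the share path below is
# a placeholder for a folder that ordinary users can read but not write to.
param(
    [string]$TrustedShare  = '\\fileserver\ApprovedMacros\',  # hypothetical path
    [string]$OfficeVersion = '16.0'
)

$office   = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion"
$security = "$office\Word\Security"
$trusted  = "$security\Trusted Locations"

# Create the key if needed, then write (or overwrite) one policy value.
function Set-PolicyValue {
    param([string]$Path, [string]$Name, $Value, [string]$Type = 'DWord')
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value `
        -PropertyType $Type -Force | Out-Null
}

# 4 = disable all macros without notification, so the "click to run the macro"
# prompt in a scrambled-looking document is never offered.
Set-PolicyValue $security 'VBAWarnings' 4

# Block macros in documents that arrived from the Internet zone (mail, web).
Set-PolicyValue $security 'blockcontentexecutionfrominternet' 1

# Trusted locations are exempt from the macro block. Allow one network
# location, defined by policy, and ignore locations users add themselves.
Set-PolicyValue $trusted 'AllowNetworkLocations' 1
Set-PolicyValue "$trusted\Location1" 'Path' $TrustedShare 'String'
Set-PolicyValue "$trusted\Location1" 'AllowSubFolders' 0
Set-PolicyValue "$trusted\Location1" 'Description' 'Approved macro documents' 'String'
Set-PolicyValue "$office\Common\Security\Trusted Locations" 'Allow User Locations' 0

# Read the result back so the applied policy can be checked or logged.
Get-ItemProperty -Path $security |
    Select-Object VBAWarnings, blockcontentexecutionfrominternet
Get-ItemProperty -Path "$trusted\Location1" |
    Select-Object Path, AllowSubFolders, Description
```

Word must be restarted to pick up the values. The share has to be writable only by administrators, because any document saved there runs its macros without a prompt.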

If you're concerned that your computer or network may have become infected with malware or you want to make sure you are as protected as possible, contact Petronella Technology Group to set up a free consultation.