Ransomware attacks are getting more and more clever as the public gets wise to them. The latest involves hiding a malicious macro inside a Word document attached to a seemingly harmless PDF file.
The new ransomware campaign, works like this:
- The PDF has an attached document that Acrobat Reader tries to open when you open the PDF.
- The document gets opened by Microsoft Word, then asks you to enable editing. But it’s actually a social engineering attack trying to get you to enable a VBA macro.
- When you say yes to enable editing, the VBA macro runs, then downloads and runs the crypto ransomware.
By hiding the actual attack inside an attached document within another safe-looking document, ransomware attackers can get around most antivirus filters. They are hiding an attack within a file within a file.
Fortunately, to avoid these types of attacks you simply need to follow the same rules you should have been following all along—with one caveat. Be wary of email attachments, yes, but also don’t fully rely on your security software when it says a suspicious file looks safe.
Even if it looks like it’s coming from a friend, take a few extra moments to make sure it’s really them. Attackers have been getting better at masquerading as people you trust. And never enable macros in documents you receive via email. Microsoft keeps auto-execution of macros disabled by default, but don’t let clever social engineering tricks get you to turn them back on.
The security experts at Hooks Systems of Wilmington, NC can configure you network with a robust firewall with an intrusion prevention system (IPS) along with an intrusion detection system (IDS) to keep malicious hacking attacks at bay. But you will still need to be cautious before opening attachments.