Categories: NewsSecurity

Closing a Word Document Could Infect Your Computer With Locky Ransomware

Cybercriminals have not given up on the idea of distributing Locky ransomware. Although most of the distribution methods in place today are being used by virtually everyone, there is a new solution being utilized by a few criminals. They now distribute the Locky ransomware payload through a modified Microsoft Word file, which will only be triggered once the document is closed. This is a new spin on the traditional “Word macro” distribution method we have seen used so often in recent years.

A New Way to Distribute Locky Ransomware

The Microsoft Word software suite allows criminals to execute many things that should not be theoretically possible. Installing malware by forcing users to enable specific macros to view content in a document and distributing the malicious payload that way seems to work just fine. However, since almost every

ransomware
distributor is using this method, the average consumer is slowly becoming aware of this problem and the threat it poses.

The latest Locky ransomware distribution campaign still relies on Microsoft Word documents. That in itself will not change anytime soon, as criminals have come up with a new way to successfully exploit a few other options at their disposal. The newest method uses Word documents laden with Locky malware which will only trigger the payload download and execution once the documents are closed. This is a pretty unique way to deliver a payload since it is not something that has been explored up to this point.

Similar to the previous distribution method, this Microsoft Word campaign still relies on macros. It seems these macros are of particular concern to Microsoft, as the criminals have found a way to make them useful to execute code when a document closes. It still relies on executing a macro within Word itself, and the user still needs to enable macros in order for it to succeed. However, it has nothing to do with displaying content per se, as the document itself displays information.

Related Post

This also makes a major difference for any security software that may be installed on the victim’s computer. Since most software now blocks malicious macros in Word documents when it comes to displaying content, an on-close Macro is the new go-to solution. A lot of sandboxed environments allow Word macros by default. Now that these new types of documents appear to be completely harmless, they can still infect computers by flying under the radar.

This new Microsoft Word campaign is not the only Locky distribution method to keep an eye on. Another researcher has discovered that there is a fake Dropbox email phishing method being employed right now. Once a user clicks on the link in an email, he or she is redirected to a spoofed website which will install the Locky payload on the target computer. Criminals will continue distributing Locky for quite some time to come; that much is obvious.

With so many “affiliates” distributing one of the more destructive types of malware, the future is looking pretty bleak. It seems as if the war against ransomware is not evolving in favor of the potential victims. Criminals remain at least two steps ahead of security researchers in this ongoing cat-and-mouse game. Locky has been one of the top ransomware types for quite some time and it will not necessarily go away overnight. With this new Microsoft Word macro trick, things will only get more confusing and dangerous for computer users.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Cryptos to Buy Today: Qubetics Presale Hits $2.7M, MicroStrategy Falls After Bitcoin Price Dips, and Ethereum Heist Involves North Korean Hackers

Best Cryptos to Buy Today: Qubetics Presale Hits $2.7M, Bitcoin Price Dips, and Ethereum Heist…

2 hours ago

WIF Set to Overtake BONK? Lunex Soars with 100x Potential in Altcoin Season

As altcoin season heats up, all eyes are on the rising stars—especially Lunex, which is…

11 hours ago

Binance Coin Price Dips: BNB Holders Rush To Lunex Presale To Hedge Their Long Positions

While the broader market witnessed a notable upward movement, Binance Coin (BNB) experienced a decline…

11 hours ago

Crypto Stalwarts Forecasted 800% Growth in Innovative Projects: VeChain, Rollblock and Polkadot!

This blazing crypto bull run has investors looking for the next top altcoins set to…

11 hours ago

Dogecoin Price Set To Recreate 36,000% Rally From 2021 After Pennant Formation

The Dogecoin price is back in the limelight, captivating the crypto world with its recent…

12 hours ago

Is XRP About to Explode? How Trump’s Victory Is Affecting XRP Price Amidst JetBolt Growth

Ripple’s XRP showed a 68% price increase in the last 7 days following Trump's victory,…

12 hours ago