
Closing a Word Document Could Infect Your Computer With Locky Ransomware

Cybercriminals have not given up on the idea of distributing Locky ransomware. Although most of the distribution methods in place today are being used by virtually everyone, there is a new solution being utilized by a few criminals. They now distribute the Locky ransomware payload through a modified Microsoft Word file, which will only be triggered once the document is closed. This is a new spin on the traditional “Word macro” distribution method we have seen used so often in recent years.

A New Way to Distribute Locky Ransomware

The Microsoft Word software suite allows criminals to do many things that, in theory, should not be possible. Installing malware by forcing users to enable specific macros to view content in a document, and distributing the malicious payload that way, seems to work just fine. However, since almost every ransomware distributor is using this method, the average consumer is slowly becoming aware of this problem and the threat it poses.

The latest Locky ransomware distribution campaign still relies on Microsoft Word documents. That in itself will not change anytime soon, as criminals have come up with a new way to successfully exploit a few other options at their disposal. The newest method uses Word documents laden with Locky malware which will only trigger the payload download and execution once the documents are closed. This is a pretty unique way to deliver a payload since it is not something that has been explored up to this point.

Similar to the previous distribution method, this Microsoft Word campaign still relies on macros. It seems these macros are of particular concern to Microsoft, as the criminals have found a way to make them useful to execute code when a document closes. It still relies on executing a macro within Word itself, and the user still needs to enable macros in order for it to succeed. However, it has nothing to do with displaying content per se, as the document itself displays information.


This also makes a major difference for any security software that may be installed on the victim’s computer. Since most software now blocks malicious macros in Word documents when it comes to displaying content, an on-close macro is the new go-to solution. A lot of sandboxed environments allow Word macros by default. Because these new types of documents appear to be completely harmless, they can still infect computers by flying under the radar.
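A triage heuristic for the on-close trigger described above, as an added example that is not part of the original article: it takes VBA source already extracted from a document as text, finds Word's auto-run procedures, follows calls into helper procedures, and flags documents whose only risky code path starts at a close event. The token list, the function names and the sample macro are assumptions constructed for illustration.

```python
import re
# Word auto-run macro names: fired on open / Word start, and on close / Word exit.
OPEN_EVENTS = {"autoopen", "autoexec", "document_open"}
CLOSE_EVENTS = {"autoclose", "autoexit", "document_close"}
# Heuristic token list (an assumption of this example, not a complete signature set).
TOKENS = ("createobject", "shell", "urldownloadtofile", "xmlhttp", "adodb.stream")
PROC_RE = re.compile(r"^[ \t]*(?:(?:public|private)[ \t]+)?(?:sub|function)[ \t]+(\w+)"
                     r"[^\n]*\n(.*?)^[ \t]*end[ \t]+(?:sub|function)", re.I | re.M | re.S)

def procedures(vba):
    """Map lower-cased procedure name -> body, with full-line comments dropped."""
    code = "\n".join(line for line in vba.splitlines()
                     if not re.match(r"\s*('|rem\b)", line, re.I))
    return {m.group(1).lower(): m.group(2).lower() for m in PROC_RE.finditer(code)}

def reachable_tokens(procs, entry):
    """Collect tokens in `entry` and in every helper procedure it calls."""
    seen, stack, hits = set(), [entry], set()
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        hits.update(t for t in TOKENS if re.search(r"\b" + re.escape(t) + r"\b", procs[name]))
        stack.extend(w for w in set(re.findall(r"\w+", procs[name])) if w in procs)
    return sorted(hits)

def triage(vba):
    procs = procedures(vba)
    scan = lambda events: {n: reachable_tokens(procs, n) for n in procs if n in events}
    report = {"on_open": scan(OPEN_EVENTS), "on_close": scan(CLOSE_EVENTS)}
    # The case the article describes: nothing risky on open, risky code reachable on close.
    report["close_only"] = any(report["on_close"].values()) and not any(report["on_open"].values())
    return report

# Constructed sample with placeholder strings; not taken from a real campaign.
SAMPLE = '''
Private Sub Document_Open()
    ' harmless: only reveals the document text
    ActiveDocument.Range.Font.Hidden = False
End Sub
Private Sub Document_Close()
    Call Stage
End Sub
Sub Stage()
    Set o = CreateObject("PLACEHOLDER.Object")
    Shell "placeholder-command"
End Sub
'''
```

Calling `triage(SAMPLE)` reports an empty token list for `document_open` and the tokens reached through the helper for `document_close`, so a pipeline that only inspects open-time handlers would pass this document while `close_only` marks it for review.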

This new Microsoft Word campaign is not the only Locky distribution method to keep an eye on. Another researcher has discovered that there is a fake Dropbox email phishing method being employed right now. Once a user clicks on the link in an email, he or she is redirected to a spoofed website which will install the Locky payload on the target computer. Criminals will continue distributing Locky for quite some time to come; that much is obvious.

With so many “affiliates” distributing one of the more destructive types of malware, the future is looking pretty bleak. It seems as if the war against ransomware is not evolving in favor of the potential victims. Criminals remain at least two steps ahead of security researchers in this ongoing cat-and-mouse game. Locky has been one of the top ransomware types for quite some time and it will not necessarily go away overnight. With this new Microsoft Word macro trick, things will only get more confusing and dangerous for computer users.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Published by
JP Buntinx
