Ransomware Is Being Hidden Inside Attachments of Attachments
The new ransomware campaign, highlighted by the Naked Security blog, works like this:
You're sent a spam
The PDF has an attached document that Acrobat Reader tries to open when you open the PDF.
The document gets opened by Microsoft Word, then asks you to enable editing. But it's actually a social engineering attack trying to get you to enable a VBA macro.
When you say yes to enable editing, the VBA macro runs, then downloads and runs the crypto ransomware.
By hiding the actual attack inside an attached document within another safe-looking document, ransomware attackers can get around most antivirus filters. SophosLabs likens the approach to a Russian matryoshka doll, hiding an attack within a file within a file.
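For defenders, the nesting described above means a mail filter has to unpack every layer before it decides. The added example below (not from Naked Security or SophosLabs) is a triage sketch that pulls embedded files out of a PDF and checks whether any of them is an Office document carrying a VBA project. It assumes unfiltered or FlateDecode streams only and uses a regex rather than a real PDF parser; `triage` and `build_sample` are hypothetical names, and the sample file is constructed.

```python
import io
import re
import zipfile
import zlib

STREAM_RE = re.compile(  # heuristic match: an /EmbeddedFile dictionary plus its stream body
    rb"<<(?P<dict>[^>]*/EmbeddedFile[^>]*)>>\s*stream\r?\n(?P<body>.*?)\nendstream", re.S)
AUTO_KEYS = (b"/OpenAction", b"/JavaScript", b"/Launch")  # can act when the PDF is opened
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container signature

def embedded_files(pdf: bytes):
    """Yield payloads of /EmbeddedFile streams (FlateDecode or unfiltered only)."""
    for m in STREAM_RE.finditer(pdf):
        body = m.group("body")
        if b"/FlateDecode" in m.group("dict"):
            try:
                body = zlib.decompressobj().decompress(body)  # tolerates a trailing CR
            except zlib.error:
                continue  # damaged or differently filtered stream
        yield body

def has_macros(payload: bytes) -> bool:
    """True if the payload is an OOXML zip carrying a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def triage(pdf: bytes) -> dict:
    payloads = list(embedded_files(pdf))
    return {
        "auto_actions": [k.decode() for k in AUTO_KEYS if k in pdf],
        "embedded_count": len(payloads),
        "macro_docs": sum(has_macros(p) for p in payloads),
        "legacy_ole": sum(p.startswith(OLE_MAGIC) for p in payloads),
    }

def build_sample(with_macro: bool) -> bytes:
    """Constructed input: a PDF-like byte string wrapping a tiny .docm-style zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    body = zlib.compress(buf.getvalue())
    return (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode >>\nstream\n"
            + body + b"\nendstream\nendobj\n%%EOF\n")
```

A PDF that reports both an auto action and a macro-bearing embedded document matches the chain described above and is worth quarantining even when the outer file scans clean.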
Fortunately, to avoid these types of attacks you simply need to follow the same rules you should have been following all along, with one caveat. Be wary of email attachments, yes, but also don't fully rely on your
Even if it looks like it's coming from a friend, take a few extra moments to make sure it's really them. Attackers have been getting better at masquerading as people you trust. And never enable macros in documents you receive via email. Microsoft keeps auto-execution of macros disabled by default, but don't let clever social engineering tricks get you to turn them back on.