We are advising all of our customers and partners to be aware of one of the most serious strains of ransomware currently doing the rounds. Named Goldeneye, it encrypts the workstation twice: both the files and the Master File Table (MFT).

The attack arrives as an email that presents as a job application with two attachments: a PDF and an Excel file. The PDF is the social engineering ruse that gets the user to open the Excel file, which launches the attack. If your user is untrained enough to open both attachments and there are crucial files on the local hard disk without a backup, you potentially get to pay ransom TWICE.

The spam email presents itself as a job application form to be filled out. Attached is an uninfected PDF containing the application to get the process started, and the PDF politely notes that the Excel file contains more details. There is no explicit demand to open the file, just business as usual.

Upon opening the Excel file, the user is shown a suggestion on how to display the aptitude test. They will not be asked to do anything obviously risky, such as “Enable macros” or “Turn off the default security configuration”, but they will be encouraged to make a change to Office settings, something that Excel invites them to do because the file contains what are known as Visual Basic for Applications (VBA) macros.

If you permit macros to run in this Excel file, the VBA downloads a copy of the Goldeneye ransomware and immediately launches it.

The VBA programming language used in Office macros is powerful enough to allow cybercriminals not only to control Word or Excel programmatically, but also to perform more general actions such as downloading files from the web, saving them to disk, and running them.

If you think you have been subject to a phishing attack or any other cyber crime activity, please contact the Stonegate IT Support Team immediately.

Protect your systems from the threat of cyber attack with Stonegate IT – contact us on 0345 644 2245 for more information on Cyber Security Provisions.