In a blog post dated August 17, FireEye is reporting a huge increase in “Locky” ransomware distribution via maliciously-crafted .DOCM email file attachments (macro-enabled Word files). The health care industry seems to be the hardest-hit in this campaign, and the U.S. and Japan top the list of affected countries.
The takeaway here is to be extra careful about opening email attachments. And, if you still have the “hide extensions for known file types” option enabled on your Windows systems, for heaven’s sake, disable it! Then, if someone sends you a .DOCM file attachment, at least you’ll recognize it!
Finally, consider the OpenDNS service we wrote about in our recent blog post entitled “Beating Malware by Disrupting Command & Control.”