

Others are less discriminating and will encrypt many types of files (for example, Cryptolocker). Some crypto-ransomware, such as older variants of TeslaCrypt, will only encrypt specific types of files. When the crypto-ransomware is downloaded and run on a device, it hunts for and encrypts targeted files. If the user clicks 'Enable Content', macros are enabled and the embedded code will run immediately. If macros are not enabled, the file will display a notification prompt asking the user to enable them. If they happen to be enabled when the file opened, the macro code run immediately. Macros are disabled by default in Microsoft Office. The user is tricked into enabling macros.Macros are already enabled in Word or Excel.Even if the user does open this file, the macro can only run if one of the following conditions is present: If the attached file is a Microsoft Word or Excel document, harmful code is embedded in the file as a macro. If the opened file is JavaScript, it will try to download and install the crypto-ransomware itself from a remote website or server. For example, they use the name and branding of legitimate companies, or intriguing or legal-sounding texts. Receiving the email itself does not trigger an infection the attached or linked file would still need to be downloaded or opened.Īttackers often craft the email messages using social engineering tricks to lure the recipients into opening the links or attached files. Zipped folder containing a JavaScript file (.zip file containing a.Microsoft Word document (file name ends with.Common files formats used to deliver crypto-ransomware include: The emails have attached files that download crypto-ransomware onto the device.In fact, the documents are executable programs (the crypto-ransomware itself) The email message contain links to 'documents' saved online.Users most commonly come into contact with crypto-ransomware via files or links that are distributed in email messages:
