Prevent ransomware attacks targeted at users of Microsoft products (e.g. Excel, Outlook, Word) by answering No in a dialog that asks for permission to use data from linked files

If you get an Office document, a calendar link or another file to your email and when you are handling the file it gives you a dialog or warning prompt that looks something like this:

The document contains links that may refer to other files. Do you want to update this document with the data from the linked files? Yes or No

Always answer No, just like you would do with any Office Macros.

Background:

Microsoft’s Dynamic Data Exchange (DDE) is an old (1987) feature of MS products (mainly used in Office) that is designed to give applications the ability to exchange data between each other. Now the same functionality is being used for spreading ransomware. These are not macros but from the user’s point of view, they look somewhat like macros. The current wave of attacks uses email for distribution and a patch will probably not be coming anytime soon, as DDE itself is not a fault but a feature of Windows and Office programs. (NB. on your own computer, you can disable DDE if you don’t need it: You might want to do it for Word and Excel. You will find the option from Options/Advanced/General; uncheck the ‘Update automatic links at open’ option.)

The attackers try to coax you into first opening a malicious attachment and then click yes to the dialog. Don’t fall into this trap!

« Back

This article was published in categories English version available, Oamk , for Oamk staff, for Oamk students and tags email, viruses, computer security, ransomware, OUAS's information security officer's announcements. Add the permalink to your favourites.