« Back

Prevent ransomware attacks targeted at users of Microsoft products (e.g. Excel, Outlook, Word) by answering No in a dialog that asks for permission to use data from linked files

If you get an Office document, a calendar link or another file to your email and when you are handling the file it gives you a dialog or warning prompt that looks something like this:

The document contains links that may refer to other files. Do you want to update this document with the data from the linked files? Yes or No

Always answer No, just like you would do with any Office Macros.


Background:

Microsoft’s Dynamic Data Exchange (DDE) is an old (1987) feature of MS products (mainly used in Office) that is designed to give applications the ability to exchange data between each other. Now the same functionality is being used for spreading ransomwareThese are not macros but from the user’s point of view, they look somewhat like macros. The current wave of attacks uses email for distribution and a patch will probably not be coming anytime soon, as DDE itself is not a fault but a feature of Windows and Office programs. (NB. on your own computer, you can disable DDE if you don’t need it: You might want to do it for Word and Excel. You will find the option from Options/Advanced/General; uncheck the ‘Update automatic links at open’ option.)

The attackers try to coax you into first opening a malicious attachment and then click yes to the dialog. Don’t fall into this trap!

« Back

This article was published in these categories: English version available, for staff, Oamk , for students, BULLETINand tagged , , , , .Add a permalink to your favourites. Follow comments to this post with a RSS feed. Post a comment or leave a trackback: Trackback URL.

One comment

  1. Teemu Korpela
    Written on 19.12.2017 at 11:26:58 | Permalink

    Microsoftin 12/2017 päivitykset estävät DDE-toiminnallisuuden ainakin Wordissa, ellei sitä erikseen salli.

    https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-prevent-further-malware-attacks/

Log in to comment this article