Outlook ‘settings’ file lead to ransom for your data

Office for Mere Mortals
Your beginners guide to the secrets of Microsoft Office
Invalid email address
Tips and help for Word, Excel, PowerPoint and Outlook from Microsoft Office experts.  Give it a try. You can unsubscribe at any time.  Office for Mere Mortals has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy

An email pretending to be ‘Outlook settings’ will actually lock up your data until you pay a fee – aka ransom.

The tricks to separate you from your money and computer files continue to get more elaborate and this latest brazen effort from Russian scammers shows.

For the last few years there’s been virus attacks that encrypt or lock your computer files. To get them back you have to pay a ‘fee’ (really a ransom) for the key or software to recover your data. The ransom is about US$300 and you have 72 hours to pay but the payment methods are complicated.

CryptoLocker%201 - Outlook ‘settings’ file lead to ransom for your data


Source: Sophos

Of course, there’s no guarantee that payment will get your files back. They may just take the money and disappear or give you false hope via a useless code.

The encrypted files include all the common Office document types both ‘new’ (docx, xlsx, pptx) and ‘old’ (doc, xls, ppt) plus Access databases, Outlook data files and OpenDocument files too. The virus will reach to any target files it can find on hard drives, external drives or network shares. Windows 8 File History will probably be affected because the files are saved there with original file extensions.

BleepingComputer.com is reporting that the scammers have become some confident that they now have a web site for victims to ‘help’ them pay the ransom. Cheeky buggers.


‘Outlook settings’

What caught our eye was one method of getting onto your computer. It’s an email that pretends to be new Outlook settings.

According to BleepingComputer.com the email can look like this:

CryptoLocker%202.png - Outlook ‘settings’ file lead to ransom for your data

So it’s a trap for unsuspecting Outlook users.

It’s also sneaky. The ZIP file containing the virus is password locked with the password in the email itself. That means the ZIP file will get through many anti-virus scans since the contents can’t be automatically checked.

Anti-virus software assumes that password protected files are legitimate and locked for privacy. Until now the presumption has been that viruses need to be in unlocked ZIP’s in order to spread efficiently. Hackers have decided that enough people know how to enter a password.

What to do

Don’t open attachments that look suspicious. Is it likely that you’d get real Outlook settings via a password protected ZIP file? …. from an anonymous source with an unknown email address? …. in a plain text message?

Backup, backup, backup. If files do get locked up by this ransom attack the only reliable way to recover your data is from a backup. It’s just one more reason to backup and backup often.

Latest news & secrets of Microsoft Office

Microsoft Office experts give you tips and help for Word, Excel, PowerPoint and Outlook.

Give it a try. You can unsubscribe at any time.  Office Watch has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy
Invalid email address