In March this year I wrote about the upswing in ransomware attacks. Well, since then we have seen even more attacks. Unfortunately, some people have been caught out by the attackers and have had files encrypted.
Luckily everyone so far has been able to restore their data from backups and other sources.
The criminal gangs running these attacks are constantly looking for new ways to get results. Recently they used a flaw in certain types of Word docs. These were Word files with macros in them. Once we worked out what they were up to, we started using our spam management system, PureMessage, to quarantine all these Word files with macros (these have a docm suffix). Only a few genuine files were quarantined, and they were still available to the user.
During August we quarantined about 150 000 docm files.
Since then we have seen a decline in the use of docm files but a large increase in zip files. Zip files are a convenient way to bundle together a number of files in a compressed format that makes them easier to distribute.
During the first 12 days of September we quarantined about 1.5 million zip files. Almost all of these had some sort of malicious content.
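The shift from docm attachments to zip files shows why a suffix rule on the outer attachment is not enough on its own. The following is an added example, not PureMessage's logic or code from this post: it checks an attachment by content as well as by name and looks inside zip archives. The post does not say what the zip files contained, so the samples, the `classify` and `make_zip` names, and the size cap are assumptions, and `word/vbaProject.bin` is the default location of VBA macros in a Word file.

```python
import io
import zipfile

MACRO_PART = "word/vbaProject.bin"    # default OOXML part for VBA macros in Word
MACRO_SUFFIXES = (".docm", ".dotm")
MAX_MEMBER_BYTES = 20 * 1024 * 1024   # assumed cap against decompression bombs

def classify(filename, data, depth=0, max_depth=2):
    """Return reasons to quarantine an attachment; an empty list means none found."""
    reasons = []
    if filename.lower().endswith(MACRO_SUFFIXES):
        reasons.append(f"{filename}: macro-enabled Word suffix")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
            # Content check: still fires when a .docm is renamed to .docx
            if any(m.filename.lower() == MACRO_PART.lower() for m in members):
                reasons.append(f"{filename}: contains {MACRO_PART}")
            for m in members:
                path = f"{filename}!{m.filename}"
                if m.flag_bits & 0x1:
                    reasons.append(f"{path}: encrypted, cannot inspect")
                elif m.file_size > MAX_MEMBER_BYTES:
                    reasons.append(f"{path}: too large to inspect")
                elif depth < max_depth:
                    reasons += classify(path, zf.read(m), depth + 1, max_depth)
    except zipfile.BadZipFile:
        reasons.append(f"{filename}: malformed archive")
    return reasons

def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples with placeholder bytes (not real documents or macros)
CLEAN_DOC = make_zip({"word/document.xml": b"<w:document/>"})
MACRO_DOC = make_zip({"word/document.xml": b"<w:document/>", MACRO_PART: b"placeholder"})
ZIPPED = make_zip({"invoice.docm": MACRO_DOC})

if __name__ == "__main__":
    for name, blob in [("report.docx", CLEAN_DOC), ("invoice.docx", MACRO_DOC), ("scan.zip", ZIPPED)]:
        print(name, classify(name, blob))
```
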
Dealing with these ongoing attacks is a team effort and we all have a part to play. Remember: if something looks suspicious, get someone to check it out.