On Windows, at least, any files that come from web browser downloads or Outlook are treated as untrusted. Any such files are tagged with an Internet Zone Identifier Alternate Data Stream (a.k.a. “Mark of the Web” or MotW). Office applications will automatically disable any macros or other content in such files. One must actively bypass security warnings — which many folks do without hesitation, I know — in order to actually run the content.
I don’t know if attachments received using Thunderbird are tagged with the MotW. If not, perhaps moving to Outlook for email would be a helpful countermeasure.
On Windows, anyway.
Additionally, it might be a good opportunity to emphasize the importance of reliable backups, or using central file services so that backups are taken care of without user intervention.
Systems Administrator |
Technology Services |
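
Added example, not part of the original message: a PowerShell check for whether saved files carry the Zone.Identifier stream described above, which is one way to test how a given mail client tags the attachments it saves. The function name `Get-MarkOfTheWeb`, the sample file names and the temp folder are assumptions made for the demo; it needs Windows PowerShell 3.0 or later and an NTFS volume.

```powershell
# Report the Mark of the Web (Zone.Identifier alternate data stream) for each file in a folder.

# Standard URL security zone numbers used in the ZoneId field.
$ZoneNames = @{ 0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }

function Get-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File | ForEach-Object {
        # Untagged files have no such stream; suppress the error and treat the result as empty.
        $lines = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        $zoneId = $null
        foreach ($line in $lines) {
            if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { $zoneId = [int]$Matches[1] }
        }
        [pscustomobject]@{
            File   = $_.Name
            Tagged = $null -ne $zoneId
            ZoneId = $zoneId
            Zone   = if ($null -ne $zoneId) { $ZoneNames[$zoneId] } else { 'none (no MotW)' }
        }
    }
}

# Constructed sample: one file tagged the way a browser download would be, one left untagged.
$dir = Join-Path $env:TEMP ("motw-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
Set-Content -LiteralPath (Join-Path $dir 'invoice.docm') -Value 'constructed sample'
Set-Content -LiteralPath (Join-Path $dir 'notes.txt') -Value 'constructed sample'
Set-Content -LiteralPath (Join-Path $dir 'invoice.docm') -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"

Get-MarkOfTheWeb -Path $dir | Format-Table -AutoSize

# Clean up the demo folder.
Remove-Item -LiteralPath $dir -Recurse -Force
```

To test a mail client, save an attachment from it into an empty folder and run `Get-MarkOfTheWeb -Path` against that folder; a `Tagged` value of `False` means the client did not write the stream.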
From: Technology Discussion at UVM [mailto:[log in to unmask]]
On Behalf Of Sam Hooker
Sent: Wednesday, June 1, 2016 11:13 AM
To: [log in to unmask]
Subject: Re: heads up: ransomware message to be published tomorrow
Thanks, Andrew; I’ve worked that in, updated the blog post, and submitted the changes to Gary for inclusion in the email version.
Can we also mention that unless you’re dealing with a file that is expected to have macros (usually spreadsheets from FAB or downloaded from Peoplesoft), people should always elect to “disable macros” when asked on file open.
In many cases, even if the file legitimately does have macros, disabling them doesn’t prevent entering data into the file.
I’d rather have people in the habit of disabling them and occasionally having functionality problems than to be in the habit of always enabling them and risk getting infected with Locky.
UVM, College of Arts & Sciences
To submit a request for service please use: