A new version of the ransomware strain AstraLocker was recently released. It spreads through email attachments in quick attacks that are nonetheless capable of causing great damage. Keep reading to understand how it works.
How does ransomware work?
Ransomware such as AstraLocker is essentially malware that encrypts relevant files on a device’s local and network storage, demanding a ransom to decrypt them.
The most common ways of spreading malware are by tricking users into opening malicious attachments or opening files downloaded via links in emails.
Ransomware is also commonly hosted on pirated-software download pages. In other cases, users infect their computers by opening files from other untrustworthy sources or by running fake installers.
AstraLocker – How does the virus that infects emails work?
In short, the bait used by AstraLocker 2.0 operators is a crafted Microsoft Word document that hides an OLE object containing the ransomware payload. The embedded executable uses the file name “WordDocumentDOC.exe”.
According to a code analysis by ReversingLabs, AstraLocker is based on leaked source code from Babuk, a buggy but still dangerous strain of ransomware that was released in September 2021.
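A defensive check for the lure described in this section, added here as an example (it is not code from ReversingLabs or from this article). It assumes the attachment is an OOXML `.docx`, where Word stores embedded OLE objects under `word/embeddings/`, and flags embedded objects that carry an executable file name or a DOS stub; the function names and the inert sample document are constructed for illustration.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE2 compound-file signature
DOS_STUB = b"This program cannot be run in DOS mode"
# ASCII names with executable/script extensions, as an OLE Package stream stores them
EXE_NAME = re.compile(rb"[\w .\-]{1,64}\.(?:exe|scr|com|bat|cmd|js|vbs)\b", re.I)
MAX_PART = 50 * 1024 * 1024                     # skip parts too large to inspect safely


def scan_docx(data: bytes) -> list:
    """Return one finding per embedded object that looks like a packaged executable."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings          # not an OOXML container; out of scope for this sketch
    with archive:
        for info in archive.infolist():
            if not info.filename.lower().startswith("word/embeddings/"):
                continue
            if info.is_dir() or info.file_size > MAX_PART:
                continue
            blob = archive.read(info)
            names = sorted({m.group().decode("ascii").strip()
                            for m in EXE_NAME.finditer(blob)})
            pe_stub = b"MZ" in blob and DOS_STUB in blob
            if names or pe_stub:
                findings.append({"part": info.filename, "names": names,
                                 "pe_stub": pe_stub,
                                 "ole": blob.startswith(OLE_MAGIC)})
    return findings


def build_sample(with_payload: bool) -> bytes:
    """Constructed, inert test document: no real code, only marker bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_payload:
            z.writestr("word/embeddings/oleObject1.bin",
                       OLE_MAGIC + b"\x00" * 16 + b"WordDocumentDOC.exe\x00"
                       + b"MZ" + b"\x90" * 8 + DOS_STUB)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_docx(build_sample(True)):
        print(finding)
```

A mail gateway or triage script can call `scan_docx` on each `.docx` attachment and quarantine any message that returns findings.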
How does this virus usually infect the computer?
Typically, emails designed to spread this malware are disguised as urgent or important letters from legitimate businesses or other entities. As a result, the recipient may not notice that the message carries malicious content.
Examples of files that cybercriminals use to distribute malware include MS Office documents, archives such as ZIP and RAR, PDF documents, JavaScript files and executables.
What can happen if your files are infected with this virus?
If your computer is infected with AstraLocker, you may no longer be able to open files stored on the computer, and previously working files may be renamed with a different extension (such as my.docx.locked).
Additionally, you may see a ransom demand message on your desktop. As mentioned earlier, cybercriminals often demand a ransom payment (usually in cryptocurrencies such as bitcoin) to unlock your files.