Once thought to have gone the way of the floppy disk, macro malware appears to have returned in full force. According to Softpedia, there has recently been an influx in the number of cyber criminals targeting organizations by getting insiders to run infected macros.
What are macros?
For a quick refresher, a macro is a convenient way to automate certain functions within programs such as Microsoft Word and Excel. However, when enabled, they can also be used to automatically execute malicious code. Hackers typically accomplish this by sending out spam emails to organizations with seemingly relevant subject lines and body text. If the recipient opens the attached document and allows the macro within to run, the infection can take hold, and even spread throughout the network.
The results of running an infected macro can be damaging. In Kentucky, one hospital was held hostage as a result of ransomware that may have gotten on the system via a macro, according to NBC. Here’s how you can prevent this from happening to your organization:
Update and Maintain System Settings
Recently, Microsoft Office 2016 was updated to be able to block macro malware attacks. This is good news for users of the productivity suite. For enterprise admins, it means a whole lot of updating to improve defenses against macro malware. While this may be time-consuming, it’s entirely necessary to avoid being preyed upon by this cyberthreat: In many cases, a malicious macro will lead to the installation of crypto malware that can lock down files on an entire network. Fortunately, admins can preempt this problem by using computer management software that has an automatic updater feature. This allows them to automatically push updates to every system on the network.
Not all organizations are running Microsoft Office 2016. Those that are aren’t should enable macro protection features that are available, and should disable features that automatically run macros. Admins can enforce these settings with computer management tools that let them predetermine configurations for systems across the network, and reset them on an as-needed basis. Rather then re-imaging, a solution with reboot to restore functionality allows admins to simply restart the computer to reset settings. No fuss, no muss.
Have a Strong Response Plan
Reboot to restore software provides the added benefit of wiping a system clean of malware and restoring it to its former state. If someone does fall for a macro malware scheme, it’s not the end of the world. Rather than paying a ransom to unlock data or spending time tweezing out bugs, just reboot and restore.