IT has received reports of a new ransomware program being distributed to victims via Word attachments in phishing emails. The program is written in Windows PowerShell and executed by macros when a victim opens the Word attachment. These Word documents are often labeled “invoice” and, when opened, instruct the victim to “enable editing” to view to document; once editing is enabled the macro code is executed.

Like other ransomware programs, the script encrypts your computer’s files and generates a ransom note. The attackers often demand $500-$1,000 to “decrypt” your files, although follow-through is not guaranteed. In most cases, the victim loses access to all files on his or her computer. Some ransomware is also capable of spreading to USB drives and network drives, putting other files at risk.

This ransomware attack has not been seen at UD. Yet.

Never download unexpected attachments. Never open unexpected attachments.

Members of the University of Delaware community who have further questions should contact the IT Support Center.