
Email Firewall: These File Formats Should Be Blocked
Ransomware such as Locky or TeslaCrypt can paralyze entire companies. The encryption Trojan Locky is currently making particularly big waves: it arrives via file attachments in e-mails, mostly in macros, e.g. in outdated MS Office files, or in JavaScript code (.js files). Currently, our filter service SecuMail® is also increasingly blocking emails with file attachments in .jse format – a new wave of attacks by Locky. In this article, we explain which file formats generally have no place in your mailbox and should be blocked.
In principle, it makes sense to block executable file formats such as .js or .jse across the board so that they do not reach your employees’ mailboxes in the first place. To do this, you need professional security management for file attachments. This makes a decisive contribution to your IT security. After all, virus scanners currently fail to detect a great many threats – an intelligent system that blocks critical file formats or moves them to quarantine provides additional protection. For example, users of our email filtering service SecuMail® were safe from Locky in JavaScript files at all times, because SecuMail® blocks all emails with .js attachments across the board.
Critical Differences Between New and Old File Formats
First and foremost, it’s important to be critical of any email attachments that reach you. In addition to script files such as .js or .jse, special caution is required with old Office formats such as .doc or .xls. Using these formats as a vehicle for malware is particularly effective for criminals due to their high prevalence and various security gaps and can cause great damage in a very short time. Very few users expect a virus to be hidden behind a Word or Excel file – especially if the file also pretends to be an invoice, order confirmation or internal document scan.
New Office formats such as .docx, on the other hand, are secure and usually do not require any special treatment in your anti-spam and malware measures. However, if security vulnerabilities in PDF files are also used to transmit viruses in the near future, alternatives are rare.
Essential but Critical File Formats: Cloud Quarantine Can Help
For important but vulnerable file formats in email attachments, SecuMail® offers a built-in quarantine station in the cloud. This is an “email firewall” in which predefined file formats automatically end up in quarantine and are kept there for a few hours. If no malicious code is found during a subsequent re-examination of the e-mails, the user is free to have the previously blocked e-mails forwarded. Holding suspicious email attachments in the cloud quarantine gives a good chance of detecting viruses during this time and protecting yourself from potential damage. This configurable attachment filter can be used as you wish and filters exactly those emails whose attachments make you uncomfortable or are considered unsafe.
Quarantining and re-checking email attachments offers greatly increased protection, but not 100 percent protection. That is only possible if you completely block critical file formats – in day-to-day business, this is feasible for most, but not all, file formats.
Executable files: You should always block mails with these attachments
So-called executable files have no place in e-mails. Rather, there is a high risk that when opened, they will release malicious code or “reload” malware that triggers negative changes on your computers. These include, but are not limited to, the following more common formats: .JS, .JSE, .BAT, .PIF, .DDPS, .LNK, .REG, .CMD, .SCR, etc.
Formats that are common and frequently used in everyday business, such as .doc or .xls, are less a case for categorical exclusion and much more one for the quarantine strategy recommended above. Precisely because these old and insecure formats are so widespread, many companies cannot do without these attachments completely, for example because customers or suppliers still use these formats.
However, which file attachments you would like to have categorically blocked and which are worth taking a detour via quarantine is ultimately at your discretion. We will be happy to advise you on this.
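The block-or-quarantine split described above can be written as a small attachment policy. The following is an added example, not SecuMail® code: the function names and the three verdicts are assumptions, the extension lists are the ones named in this article, and the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension lists from the article: executables are blocked outright,
# old Office formats are held in quarantine, everything else is delivered.
BLOCK = {".js", ".jse", ".bat", ".pif", ".ddps", ".lnk", ".reg", ".cmd", ".scr"}
QUARANTINE = {".doc", ".xls"}
ORDER = {"deliver": 0, "quarantine": 1, "block": 2}


def classify_filename(name):
    """Return 'block', 'quarantine' or 'deliver' for one attachment name."""
    # Windows ignores trailing dots and spaces, so "a.jse. " still opens as .jse.
    cleaned = name.rstrip(". \t").lower()
    # Only the last extension decides how the file is opened, so
    # "Invoice.PDF.JS" has to be judged as .js, not as .pdf.
    dot = cleaned.rfind(".")
    ext = cleaned[dot:] if dot != -1 else ""
    if ext in BLOCK:
        return "block"
    if ext in QUARANTINE:
        return "quarantine"
    return "deliver"


def classify_message(raw):
    """Strictest verdict over all attachments of one raw message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdict = "deliver"
    for part in msg.walk():
        name = part.get_filename()  # also decodes RFC 2231 encoded names
        if name and ORDER[classify_filename(name)] > ORDER[verdict]:
            verdict = classify_filename(name)
    return verdict


def build_sample(filenames):
    """Constructed sample message with one dummy attachment per file name."""
    m = EmailMessage()
    m["Subject"] = "Invoice"
    m.set_content("see attachment")
    for fn in filenames:
        m.add_attachment(b"dummy", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()
```

The check looks only at attachment names as they appear in the message; it does not open archives or inspect file contents.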
Are you looking for a way to protect yourself from critical file formats and don’t yet have a suitable management system for it? Test the cloud filter service SecuMail® without obligation. You can find more information here. Write us an e-mail or call us on 08171 / 41 80 90 – we will be happy to advise you.
Your SecuMail® Team