SecuMail-Blog

Ransomware

Ransomware is malware distributed via spam for the purpose of extorting a “ransom” from the recipient. This is usually done by encrypting all of the victim’s files; the victim then has to pay for the key to decrypt them (see payment procedure).

It is usually spread via attachments in old Office file formats (.doc, .xls, .ppt). These documents have no real content, only a macro that downloads and starts the malware. Often a story is included explaining why the file is sent in a different format this time (Office file instead of PDF) and telling the recipient how to ignore the warning issued by Microsoft Office.

Countermeasures:

  • Always install security patches on operating systems and application software promptly
  • Filter macros in Office attachments
  • Up-to-date and reliably functioning backups reduce the damage
  • For some ransomware, there are also decryption tools

Examples:

  • Petya (June 2017, distribution channel e-mail with Dropbox link, purported job application, EXE file disguised as PDF)
  • WannaCry (May 2017, distribution channel email and SMB vulnerability)
  • Emotet (June 2019)
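A sketch of the macro-filtering countermeasure, which also catches the "EXE disguised as PDF" case from the examples. This is an added example, not code from the blog or from any mail filter product. The function names, the quarantine reasons and the sample mail are assumptions made for illustration, and the macro check is a byte-level heuristic rather than a full document parser.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")       # legacy .doc/.xls/.ppt container
VBA_DIR_ENTRY = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE


def classify(filename, data):
    """Return a reason string if the attachment should be quarantined, else None."""
    name = (filename or "").lower()
    if data[:2] == b"MZ" and not name.endswith(".exe"):
        return "executable disguised by extension"
    if data.startswith(OLE_MAGIC):
        # Heuristic: a VBA project shows up as a directory entry with this name.
        return "legacy Office file with VBA macro" if VBA_DIR_ENTRY in data else None
    if data[:4] == b"PK\x03\x04":  # OOXML (.docm, .xlsm, ...) is a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    return "OOXML file with VBA macro"
        except zipfile.BadZipFile:
            return "corrupt ZIP container"
    return None


def scan_message(raw):
    """Map attachment filename -> quarantine reason for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {}
    for part in msg.iter_attachments():
        reason = classify(part.get_filename(), part.get_payload(decode=True) or b"")
        if reason:
            hits[part.get_filename()] = reason
    return hits


def build_sample():
    """Constructed test mail: inert byte strings, no real documents or malware."""
    m = EmailMessage()
    m.set_content("see attachment")
    samples = {"invoice.doc": OLE_MAGIC + b"\0" * 64 + VBA_DIR_ENTRY,
               "letter.pdf": b"MZ" + b"\0" * 32,
               "notes.pdf": b"%PDF-1.4\n%%EOF\n"}
    for name, blob in samples.items():
        m.add_attachment(blob, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()
```

The check keys on file content rather than the extension, because the extension is exactly what the sender controls in the disguised-file case.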

Further information:
