The Microsoft Office productivity tool used in some ransomware attacks: Macros

Q: What are macros in Microsoft Office and what makes them dangerous?

A: Macros are one of the oldest and most valuable tools in the computer world because they allow complicated instructions to be performed with a single command.

You can essentially record a long series of commands and save them to a shortcut for future execution to save time without having sophisticated coding skills.

If you use Microsoft Office, there are a myriad of useful macros that can be created in applications like Word and Excel, such as inserting company letterhead to an existing document or adding formatted tables into a spreadsheet.

Macros are especially useful when you have a series of repetitive commands that you often use in just about any productivity software program.

The specific instructions for creating macros varies by program, so the best way to learn how to do it is by going to the ‘Help’ menu in any program and searching for ‘create a macro’.

Malicious Macros
This same powerful productivity tool can be used to create harmful results because malicious macros can be hidden in official-looking documents.

This time of year, there are lots of attempts to compromise users via official-looking tax documents that arrive via phishing email messages and can appear to be from the IRS, your employer or from a payroll company.

The underlying coding tools can be easily manipulated to hide malicious code that will automatically and silently run when you simply open the document or spreadsheet.

What makes this type of compromise especially dangerous is that it can execute the malicious code without the user ever seeing what is happening, which is why it’s one of the methods used to propagate ransomware attacks.

Ransomware needs time to go through your computer’s files and encrypt them in the background, so sneaking in silently is essential.

There are also lots of websites that offer free macros that you can download to save time, which may sound tempting but should be avoided.  There is no easy way for a non-technical user to know if a macro is legitimate or dangerous so stick to creating your own.

Disabling Macros for Security
In the past, you had to manually disable macros to protect yourself, so if you are using a really old version of Office, search the ‘Help’ menu for ‘disabling macros’ in all of the programs you use.

In current versions of Office, the default setting disables macros with a notification to the user that will allow them to enable it, if they so desire.

This should only be done if you are certain that the document is from a trusted source, such as your own company’s corporate network or something that you created in the past.

If you don’t know what a macro is going to do, you should never enable it unless you can verify the contents.

If you share a computer with younger users or don’t have the need for any macros, you can ‘disable all macros without notification’ in the ‘Macro Setting’ of the ‘Trust Center’ in Microsoft Office so the ‘enable’ option never appears in the future.