Ransomware?

Discuss setup / installation issues - Add a spell checker, Language pack?

Ransomware?

Postby kevinburger » Wed Jan 10, 2018 9:41 pm

Hello,

I have a Windows 7 machine that is connected to a server that gets used for one task (shipping products). Yesterday, I installed OpenOffice on it and carried on my way.

2-3 hours later, our server gets attacked by ransomware and we had to recover the data. My IT team tells me that the origin started from this computer and the only changes made on that computer that day was installing OpenOffice. I know because I'm the only one that used the computer all day, no one else is here.

I downloaded directly from the website. This is the download link from my download logs:

https://versaweb.dl.sourceforge.net/pro ... _en-US.exe

I'm not saying OpenOffice is responsible but I just wanted to open a dialogue about it. Have you guys heard of anything like this?
OpenOffice 4.1.5 on Windows 7
kevinburger
 
Posts: 1
Joined: Wed Jan 10, 2018 9:15 pm

Re: Ransomware?

Postby RoryOF » Wed Jan 10, 2018 9:52 pm

Verify the checksum of the file you have downloaded by the methods described in
Apache OpenOffice - How to verify the integrity of the downloaded file?

If it passes the checksum test, then the file is as it left the OO code factory and is clean.

Don't forget that ransomware can be caused by website visits and emails. Has your IT department carried out an indepth scan of your computer?
Apache OpenOffice 4.1.7 on Xubuntu 18.04.3 (mostly 64 bit version) and very infrequently on Win2K/XP
User avatar
RoryOF
Moderator
 
Posts: 29599
Joined: Sat Jan 31, 2009 9:30 pm
Location: Ireland

Re: Ransomware?

Postby John_Ha » Wed Jan 10, 2018 10:08 pm

sourceforge.net is a reputable site but ...

... it is always better to download software from the author's site - in this case http://www.openoffice.org/download/index.html
AOO 4.1.6, Windows 7 Home 64 bit

See the Writer Guide, the Writer FAQ, the Writer Tutorials and Writer for students.

Remember: Always save your Writer files as .odt files. - see here for the many reasons why.
John_Ha
Volunteer
 
Posts: 6827
Joined: Fri Sep 18, 2009 5:51 pm
Location: UK

Re: Ransomware?

Postby Hagar Delest » Wed Jan 10, 2018 11:19 pm

The files are hosted on the sourceforge.net.
Your link seems related to sourceforge but I've not checked the checksum of the file. Do that, it will give you the answer for sure.
If it's correct, then the attack comes from elsewhere.
AOO 4.1.6 on Xubuntu 19.04 and 4.1.5 on Windows 7 (with winPenPack port).
User avatar
Hagar Delest
Moderator
 
Posts: 28561
Joined: Sun Oct 07, 2007 9:07 pm
Location: France

Re: Ransomware?

Postby Bill » Thu Jan 11, 2018 1:25 am

I downloaded the same installation file from the same SourceForge mirror on January 2 and installed the same day. The downloaded file size is 140,756,235 bytes. The SHA-256 checksum is correct. No threats found by scans with Malwarebytes and Windows Defender and no other signs of any malware.

Edit: A fresh download shows the same results. The SHA-256 checksum is correct and no threats found by scans.
AOO 4.1.6 and LO 6.2.0.3 on Manjaro MATE
Bill
Volunteer
 
Posts: 7376
Joined: Sat Nov 24, 2007 6:48 am


Return to Install, Setup and Troubleshooting

Who is online

Users browsing this forum: No registered users and 6 guests