
Ransomware?

Posted: Wed Jan 10, 2018 9:41 pm
by kevinburger
Hello,

I have a Windows 7 machine that is connected to a server that gets used for one task (shipping products). Yesterday, I installed OpenOffice on it and carried on my way.

2-3 hours later, our server got attacked by ransomware and we had to recover the data. My IT team tells me that the origin started from this computer and the only change made on that computer that day was installing OpenOffice. I know because I'm the only one that used the computer all day, no one else is here.

I downloaded directly from the website. This is the download link from my download logs:

https://versaweb.dl.sourceforge.net/pro ... _en-US.exe

I'm not saying OpenOffice is responsible but I just wanted to open a dialogue about it. Have you guys heard of anything like this?

Re: Ransomware?

Posted: Wed Jan 10, 2018 9:52 pm
by RoryOF
Verify the checksum of the file you have downloaded by the methods described in
Apache OpenOffice - How to verify the integrity of the downloaded file?

If it passes the checksum test, then the file is as it left the OO code factory and is clean.

Don't forget that ransomware can be caused by website visits and emails. Has your IT department carried out an in-depth scan of your computer?

Re: Ransomware?

Posted: Wed Jan 10, 2018 10:08 pm
by John_Ha
sourceforge.net is a reputable site but ...

... it is always better to download software from the author's site - in this case http://www.openoffice.org/download/index.html

Re: Ransomware?

Posted: Wed Jan 10, 2018 11:19 pm
by Hagar Delest
The files are hosted on sourceforge.net.
Your link seems related to sourceforge but I've not checked the checksum of the file. Do that, it will give you the answer for sure.
If it's correct, then the attack comes from elsewhere.

Re: Ransomware?

Posted: Thu Jan 11, 2018 1:25 am
by Bill
I downloaded the same installation file from the same SourceForge mirror on January 2 and installed the same day. The downloaded file size is 140,756,235 bytes. The SHA-256 checksum is correct. No threats found by scans with Malwarebytes and Windows Defender and no other signs of any malware.

Edit: A fresh download shows the same results. The SHA-256 checksum is correct and no threats found by scans.
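
The checksum verification suggested in this thread, as an added example that is not part of any post above and is not the project's own tooling: it streams the downloaded file through SHA-256 and compares the result with the entry for that file name in a published digest file. It assumes the digest file uses the common `sha256sum` layout (hex digest, whitespace, optional `*`, file name); the file name and contents in the demo are constructed.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# One line of a sha256sum-style digest file: 64 hex chars, then " *name" or "  name".
DIGEST_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+?)\s*$")


def sha256_of(path, chunk_size=1 << 20):
    """Stream the file so a ~140 MB installer is never held in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def published_digest(digest_text, file_name):
    """Return the digest listed for file_name, or None if no line names it."""
    for line in digest_text.splitlines():
        m = DIGEST_LINE.match(line)
        if m and Path(m.group(2)).name == file_name:
            return m.group(1).lower()
    return None


def verify_download(path, digest_text):
    """Return (ok, reason); ok is True only when the digests match exactly."""
    expected = published_digest(digest_text, Path(path).name)
    if expected is None:
        return False, "no digest listed for this file name"
    actual = sha256_of(path)
    if hmac.compare_digest(actual, expected):
        return True, "match: " + actual
    return False, "MISMATCH: got " + actual + ", expected " + expected


if __name__ == "__main__":
    # Constructed stand-in for an installer and its published .sha256 file.
    with tempfile.TemporaryDirectory() as d:
        installer = Path(d) / "example_installer.exe"
        installer.write_bytes(b"constructed sample installer bytes")
        listing = sha256_of(installer) + " *example_installer.exe\n"
        print(verify_download(installer, listing))  # digests match
        installer.write_bytes(b"constructed sample installer bytes, altered")
        print(verify_download(installer, listing))  # digests differ
```

Take the digest file from the project's own download page rather than from the mirror that served the installer, so that a tampered mirror cannot supply a matching pair.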