Hello,
I have a Windows 7 machine that is connected to a server that gets used for one task (shipping products). Yesterday, I installed OpenOffice on it and carried on my way.
2-3 hours later, our server gets attacked by ransomware and we had to recover the data. My IT team tells me that the origin started from this computer and the only changes made on that computer that day was installing OpenOffice. I know because I'm the only one that used the computer all day, no one else is here.
I downloaded directly from the website. This is the download link from my download logs:
https://versaweb.dl.sourceforge.net/pro ... _en-US.exe
I'm not saying OpenOffice is responsible but I just wanted to open a dialogue about it. Have you guys heard of anything like this?
Ransomware?
Re: Ransomware?
Verify the checksum of the file you have downloaded by the methods described in
Apache OpenOffice - How to verify the integrity of the downloaded file?
If it passes the checksum test, then the file is as it left the OO code factory and is clean.
Don't forget that ransomware can be caused by website visits and emails. Has your IT department carried out an indepth scan of your computer?
Apache OpenOffice - How to verify the integrity of the downloaded file?
If it passes the checksum test, then the file is as it left the OO code factory and is clean.
Don't forget that ransomware can be caused by website visits and emails. Has your IT department carried out an indepth scan of your computer?
Apache OpenOffice 4.1.15 on Xubuntu 22.04.4 LTS
Re: Ransomware?
sourceforge.net is a reputable site but ...
... it is always better to download software from the author's site - in this case http://www.openoffice.org/download/index.html
... it is always better to download software from the author's site - in this case http://www.openoffice.org/download/index.html
LO 6.4.4.2, Windows 10 Home 64 bit
See the Writer Guide, the Writer FAQ, the Writer Tutorials and Writer for students.
Remember: Always save your Writer files as .odt files. - see here for the many reasons why.
See the Writer Guide, the Writer FAQ, the Writer Tutorials and Writer for students.
Remember: Always save your Writer files as .odt files. - see here for the many reasons why.
-
Hagar Delest
- Moderator
- Posts: 32650
- Joined: Sun Oct 07, 2007 9:07 pm
- Location: France
Re: Ransomware?
The files are hosted on the sourceforge.net.
Your link seems related to sourceforge but I've not checked the checksum of the file. Do that, it will give you the answer for sure.
If it's correct, then the attack comes from elsewhere.
Your link seems related to sourceforge but I've not checked the checksum of the file. Do that, it will give you the answer for sure.
If it's correct, then the attack comes from elsewhere.
LibreOffice 7.6.2.1 on Xubuntu 23.10 and 7.6.4.1 portable on Windows 10
Re: Ransomware?
I downloaded the same installation file from the same SourceForge mirror on January 2 and installed the same day. The downloaded file size is 140,756,235 bytes. The SHA-256 checksum is correct. No threats found by scans with Malwarebytes and Windows Defender and no other signs of any malware.
Edit: A fresh download shows the same results. The SHA-256 checksum is correct and no threats found by scans.
Edit: A fresh download shows the same results. The SHA-256 checksum is correct and no threats found by scans.
AOO 4.1.14 on Ubuntu MATE 22.04