Malicious Password-Protected Files | Menlo Security (2024)

What is a malicious password-protected archive file?

In an attempt to make malicious content impossible to detect, threat actors often use password-protected files and archives. Security solutions that are designed to analyze file content have no visibility inside the archive, making it impossible for them to detect any malicious intent. These files are often distributed via phishing emails or shared drives to conceal malicious payloads within commonly used and legitimate file formats.

How do malicious password-protected files work?

Malicious password-protected archive files are designed to deceive users and bypass commonly deployed inspection engines to deliver malware and ransomware down to a user’s endpoint. Threat actors know that most organizations set their security policies to allow password-protected files to pass through to end users, because security teams do not want to be seen as impacting business operations. This creates an opportunity for them to strike.

What makes enterprises susceptible?

Password-protected files and archives are used for legitimate business reasons, and therefore should not be blocked by default. Several factors can make an individual or an organization more susceptible to malicious password-protected archive files. These include:

  • Relying on sandboxing analysis as the core element in determining if content is malicious
  • Opening files from untrusted sources (web or email). Make sure to validate the website you are working on or the email user you are communicating with
  • Lax security policies that are set to allow all when it comes to specific file types or archive files

It’s important to note that malicious password-protected archive files can be delivered using a combination of these techniques and can vary in sophistication.

How do I prevent myself from being the victim of a malicious password-protected archive file attack?

Password-protected archive files are used every day for legitimate business purposes. To reduce the risk of falling victim to malicious ones, make sure your users open files only from trusted sources and are cautious of emails or messages that ask them to open password-protected archive files, especially if the messages are unsolicited or seem suspicious. The challenge with these best practices is that they rely on the conscientiousness of the user to avoid accidentally opening a malicious attachment.

Many organizations should consider the use of a cloud-based Browser Security solution that protects against this type of attack automatically. A Browser Security solution intercepts the users’ web browsing sessions in a virtual browser in the cloud instead of on the user’s endpoint device and prompts the end user to enter the password to open the archive. Once the archive is unlocked, the content can be scanned for threats before being downloaded to the endpoint, ensuring the prevention of threats.

With granular visibility and control over activity inside the browser, organizations can greatly reduce their attack surface and ensure that users and their endpoints are completely protected against any malicious content and highly evasive threats when viewing password-protected archive files.

FAQs

Are password protected files secure?

When you protect documents with a password, the contents are secured by a level of encryption, and only those who enter the correct password can access the file. While this may seem like adequate protection, it is akin to placing a lock on a 5-foot fence.

Can password protected files be accessed?

Because password-protected files are encrypted, they can't be accessed without the password, making them unreadable by most security tools, which cannot open and examine them.

How to remove password protected files?

Remove a password from a document
  1. Open the document and enter its password.
  2. Go to File > Info > Protect Document > Encrypt with Password.
  3. Clear the password in the Password box, and then click OK.

Can antivirus scan password protected zip files?

Since an antivirus can't see inside a password protected file, it can't scan what's inside.

Can password-protected files be malware?

In an attempt to make malicious content impossible to detect, threat actors often use password-protected files and archives.

Why are there so many password-protected files on my computer?

Password-protected files belong in most cases to legitimate software. They are protected with a randomly generated password by their developers to avoid reverse engineering for malicious purposes. Most commonly, these are: Files that belong to another security solution.

How safe are password protected PDF files?

You can think of a basic PDF password as a locked gate on a fence. It prevents immediate access to your document, but the file is still in plain view behind the fence. If someone gets through the gate, they'll have full access to your information.

Can a password protected file be opened?

When you attempt to open a protected file, you will need to enter one or more passwords and supply other information, such as an account name, in order to open the file. You may also be able to open the file by using Guest Access if privileges for the file are configured to permit it.

Is it possible to open a password protected PDF file?

Simply open the PDF document and enter the password when your Android device prompts you for it. Any mobile PDF readers worth their salt support passwords and can unlock the files. If you're using Acrobat Reader, you can follow these steps to open your password-protected PDF files: Open the Adobe Acrobat Reader app.

Why is my File password protected?

The primary purpose of locking a PDF is to prevent access to unauthorized personnel. Document restrictions put in place with an owner password can include the following: Printing. Changing the document.

Can a password protected folder be deleted?

You can't delete a folder with a locked file in it. The trick is how to keep it open all the time. There are endless ways to do this. One lightweight way to do this with built in methods would be a scheduled task that runs on boot that opens the files.

How do I open a protected File without a password?

If the file is encrypted, the software will usually prompt you to enter the password. Since you forgot the password, we can try other steps. Find the protection tool: Find the "Protect" tool in the toolbar, which has various options for document security. Select "Encrypt" and then select "Remove Security".

Is a password protected zip file safe?

However, if the attached file is zipped and encrypted, security software will not be able to check the contents. In other words, if the file contains a virus, it is likely to be delivered to your inbox undetected.

Can Google Drive scan password protected zip files?

A Google representative said the company doesn't scan password-protected zip files, though Gmail does flag them when users receive such a file.

How do I know if a zip file is malware?

Check the file extension

Look at the file extension of the file inside the zip folder. If it's an executable file, such as .exe or .bat, be cautious as these types of files are commonly used for malware. Threat actors may sometimes hide the fact that a file is an executable.
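
The extension check described above can be done even when the ZIP is password-protected, because classic ZIP encryption leaves entry names readable in the central directory. The following is an added example, not code from the original page: a Python triage function that reports encrypted entries, executable extensions, and double extensions. The extension list, the `verdict` policy, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions treated as directly executable on Windows (assumed policy list).
RISKY_EXT = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}

def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP's central directory without decrypting anything."""
    report = {"encrypted": [], "risky": [], "double_ext": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if info.flag_bits & 0x1:          # bit 0: entry is encrypted
                report["encrypted"].append(name)
            if suffixes and suffixes[-1] in RISKY_EXT:
                report["risky"].append(name)
                if len(suffixes) > 1:         # e.g. invoice.pdf.exe
                    report["double_ext"].append(name)
    return report

def verdict(report: dict) -> str:
    """Hypothetical gateway policy, not taken from any product."""
    if report["encrypted"] and report["risky"]:
        return "quarantine"
    if report["encrypted"]:
        return "hold-for-unlock"   # content cannot be scanned yet
    return "scan-normally"

def build_sample(names, mark_encrypted: bool) -> bytes:
    """Constructed test input: a tiny ZIP whose entries are optionally
    flagged as encrypted by setting bit 0 in each central-directory header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")
    while mark_encrypted and pos != -1:
        raw[pos + 8] |= 0x01       # general-purpose flag, low byte
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)

if __name__ == "__main__":
    r = triage_zip(build_sample(["invoice.pdf.exe", "readme.txt"], True))
    print(r, verdict(r))
```

Archive formats that also encrypt their file listing expose no names, so this check only tells you the archive is opaque; the content still has to be unlocked before it can be scanned.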

Is a password protected file automatically encrypted?

An easy way to encrypt information that is already held in an Office document is to put a password on it; this automatically encrypts it too.

What does it mean if a document is password protected?

To prevent a document from being copied to another application, as well as to keep it from being printed without permission. To keep information safe from hacking.

Article information

Author: Rev. Porsche Oberbrunner
