Do not open documents claiming “This document protected by CloudFlare”


“This document protected by CloudFlare” is a message you may see when you open a malicious file. Along with this message, there may also be one saying you need to enable macros to open the document. If you download a malicious file disguised as a document, the malware cannot execute until you open the file and enable macros. Many years ago, when users opened Microsoft Office documents, macros would be enabled automatically, but now users need to enable them manually. This means that even if you open a malicious file, as long as you do not enable macros, the malware will not be able to execute. However, malware operators use various tactics to trick users into enabling them.

This document protected by CloudFlare

We should mention that CloudFlare is a legitimate website security company and obviously does not have anything to do with malware. Malware operators are merely using the name to trick users into executing their malware.

You may encounter the “This document protected by CloudFlare” message when you open a spam email attachment that contains malware. Spam emails are one of the most common malware distribution methods, and all users need to do to infect their computers is open the attached file and enable macros.

If you do download a document and see a message saying the document is protected and that you need to enable macros, delete the “This document protected by CloudFlare” file immediately.

Malware is often spread using spam emails

Spam email campaigns are one of the most commonly used malware distribution methods. Malicious files may come attached to emails that are disguised to appear as some kind of official correspondence from a known company, government agency, bank, etc. The emails usually claim that the attached file has to be opened urgently because it’s an important document that needs to be reviewed. When users download the file and open it, they are asked to enable macros, and if they do, the malware can initiate.

In many cases, the emails carrying malware are quite obvious. Despite claiming to be official correspondence, the emails contain loads of grammar and spelling mistakes, and make little sense if you actually examine the email contents in detail. Furthermore, they are often sent from email addresses that are made up of random numbers and letters. The mistakes and the random email address are usually a dead giveaway that it’s not a legitimate email.

There are also more sophisticated emails distributing malware, so we always recommend that you be wary of unsolicited emails. To be sure that what you are about to open is not malware, you should always scan email attachments with anti-malware software or VirusTotal before opening them.

Enabling macros would allow the malware to initiate

The emails spreading malware often claim that an important document is attached to them. When you download the file and open it with Microsoft Office, you will see a security warning saying that macros have been disabled and an “Enable Content” button. There will also be a message saying that “This document protected by CloudFlare. Online preview not available” and that you need to “enable editing and content”. As we said before, if you press “Enable Content”, you’d be allowing the malware to initiate.

The malware that often uses this method is ransomware, malware that encrypts files. It’s a very dangerous infection that can leave you with encrypted files and no way of recovering them. Backup is usually the only way to get the files back, but not all users have the habit of backing up their data regularly. Crooks behind the ransomware offer to decrypt the files if victims agree to pay the ransom. They usually demand that users pay between $100 and $1000 to get the decryptor. And in many cases, when victims pay, they don’t get anything in return.

To prevent serious malware infections, always be skeptical of files that require you to enable macros in order to open them. More likely than not, such a file will be some kind of malware.
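One way to check whether an attachment carries VBA macros without opening it in Office, as an added example that is not part of the original article. The function names and the sample document are assumptions made up for this illustration, and the legacy-format check is a byte-search heuristic rather than a full parser.

```python
import io
import sys
import zipfile

# Names below (macro_status, constructed_sample) are hypothetical, chosen for this example.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
# OLE directory entries store stream names as UTF-16LE; a VBA project
# always includes a stream called "_VBA_PROJECT".
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def macro_status(data: bytes) -> str:
    """Classify raw attachment bytes as 'macros', 'no-macros' or 'unknown'."""
    if data.startswith(OLE_MAGIC):
        # Heuristic byte search, not a full OLE parse.
        return "macros" if VBA_MARKER in data else "no-macros"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "unknown"
        if "[content_types].xml" not in names:
            return "unknown"  # a ZIP, but not an Office Open XML document
        # Word, Excel and PowerPoint all keep VBA in a vbaProject.bin part.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macros"
        return "no-macros"
    return "unknown"


def constructed_sample(with_macros: bool) -> bytes:
    """Constructed in-memory stand-in for a .docx/.docm, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:  # check files named on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, macro_status(fh.read()))
    else:  # no arguments: run on the constructed samples
        for flag in (False, True):
            print("constructed, macros =", flag, "->", macro_status(constructed_sample(flag)))
```

A "no-macros" result only means no VBA project was found, so the attachment should still be scanned with anti-malware software or VirusTotal as recommended above.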

“This document protected by CloudFlare” removal

If you open a file that says “This document protected by CloudFlare” and you are asked to enable macros, close the document and delete it immediately. Do not enable the macros under any circumstances because you’ll end up allowing malware to initiate.
