Blocking the Cryptolocker Virus in Office 365

Blocking the Cryptolocker Virus in Office 365


[Updated 8/12/2015: Nearly two year after originally writing this post, we still recommend this method for blocking ransomware and malware sent through attachments in Office 365. Cryptolocker was largely taken down in 2014 BUT newer versions of ransomware (like Cryptowall) continue to pop up every day.]

The easiest and most effective way to block Cryptolocker (a form of ransomware, which is malware that takes your data hostage for a ransom fee) in Office 365 is to block all attachments that contain executable (EXE) files.  Here is a step-by-step guide on how to block all .exe files in Office 365 (including inside .zip files):

Block EXE email Attachments in Office 365

1. Logon to Office 365 and choose Admin, Exchange in the top right.

2. Choose “mail flow” on the left side.

3. Under rules click the + to create a new rule.


4. Choose a Name for rule like “Block EXE Attachments”

5. Click “More Options” at the bottom of the page.


6. Choose “Apply this rule if…” , “any attachment”, “file extension includes these words”

7. Type in EXE and press the + to add. Then choose OK.


8. Under “Do the Following”, choose “Block the message”, “reject the message and include an explanation”

9. For reason enter “Attachment contains an EXE file” and press OK.

10. If you wish, you can add an exception so users can type a word in the subject line if they have a valid reason to get an exe file via email. Under “Except if…” choose “add exception” , “the subject or body”, “subject includes any of these words” and enter the word you choose to allow. Make sure you press + to add word then OK.

11. Under "choose mode for this rule," select enforce.

12. Give it about 15 minutes then test by sending a zip file with an exe file inside. Also test the exceptions if you added one.

This will reject emails that have EXE file attachments sent to Office 365 (even when inside a zip file). Please note, this will only block ransomware sent through attachments and will not protect you from ransomware sent through links. Always be cautious when opening attachments and links.

To stay up to date on the latest data security threats, follow us on Twitter.

If you have questions about protecting your data from ransomware and other threats, or if you have been infected, please contact us.

New Call-to-action

Posts by Topic

see all