Blocking the Cryptolocker Virus in Office 365

[Updated 8/12/2015: Nearly two years after originally writing this post, we still recommend this method for blocking ransomware and malware sent through attachments in Office 365. Cryptolocker was largely taken down in 2014, but newer versions of ransomware (like Cryptowall) continue to pop up every day.]

The easiest and most effective way to block Cryptolocker (a form of ransomware, which is malware that takes your data hostage for a ransom fee) in Office 365 is to block all attachments that contain executable (EXE) files.  Here is a step-by-step guide on how to block all .exe files in Office 365 (including inside .zip files):

Block EXE email Attachments in Office 365

1. Log on to Office 365 and choose Admin, Exchange in the top right.

2. Choose “mail flow” on the left side.

3. Under rules click the + to create a new rule.


4. Choose a name for the rule, such as “Block EXE Attachments”.

5. Click “More Options” at the bottom of the page.


6. Choose “Apply this rule if…”, “any attachment”, “file extension includes these words”.

7. Type in EXE and press the + to add. Then choose OK.


8. Under “Do the Following”, choose “Block the message”, “reject the message and include an explanation”

9. For the reason, enter “Attachment contains an EXE file” and press OK.

10. If you wish, you can add an exception so users can type a word in the subject line if they have a valid reason to get an exe file via email. Under “Except if…” choose “add exception”, “the subject or body”, “subject includes any of these words” and enter the word you choose to allow. Make sure you press + to add the word, then OK.

11. Under "choose mode for this rule," select enforce.

12. Give it about 15 minutes, then test by sending a zip file with an exe file inside. Also test the exception if you added one.

This will reject emails that have EXE file attachments sent to Office 365 (even when inside a zip file). Please note, this will only block ransomware sent through attachments and will not protect you from ransomware sent through links. Always be cautious when opening attachments and links.
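The same rule can also be created from Exchange Online PowerShell, which makes it repeatable and easy to review. This is an added example, not part of the original post; it assumes the ExchangeOnlineManagement module is installed, and the admin address and the bypass word are placeholders to replace with your own.

```powershell
# Added example: scripted equivalent of steps 4-11 above.
# Assumptions: ExchangeOnlineManagement module installed; the admin UPN and
# the bypass word below are placeholders, not values from the original post.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

$ruleName   = 'Block EXE Attachments'      # step 4
$bypassWord = 'REPLACE-WITH-YOUR-WORD'     # step 10 (optional); set to $null to skip

# Conditions and actions shared by the create and update paths.
$settings = @{
    AttachmentExtensionMatchesWords = 'exe'                              # steps 6-7
    RejectMessageReasonText         = 'Attachment contains an EXE file'  # steps 8-9
    Mode                            = 'Enforce'                          # step 11
}
if ($bypassWord) {
    # Messages whose subject contains this word are exempt from the rule.
    $settings.ExceptIfSubjectContainsWords = $bypassWord
}

# Create the rule if it is missing, otherwise bring the existing rule in line,
# so the script can be re-run safely.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if ($existing) {
    Set-TransportRule -Identity $ruleName @settings
} else {
    New-TransportRule -Name $ruleName @settings
}

# Show what is actually configured so the result can be checked before testing.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, AttachmentExtensionMatchesWords,
                RejectMessageReasonText, ExceptIfSubjectContainsWords

Disconnect-ExchangeOnline -Confirm:$false
```

After running it, confirm that `State` is `Enabled` and `Mode` is `Enforce`, then carry out the test in step 12.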

To stay up to date on the latest data security threats, follow us on Twitter.

If you have questions about protecting your data from ransomware and other threats, or if you have been infected, please contact us.
