"Cannot open the file because the file format or extension is invalid" opening Office files

 

 UPDATE:

 We have identified the malware as a new family of ransomware

 

 

Definition Information:

    Latest public Endpoint AM defs:  1.157.1542.0 (Expect several hours later for 1.157.1559.0 or higher)      https://www.microsoft.com/security/portal/definitions/whatsnew.aspx

    Latest Prerelease AM defs: 1.157.1542.0 (Expect several hours later for 1.157.1559.0 or higher)      https://www.microsoft.com/security/portal/shared/prereleasesignatures.aspx

The signatures are now updated. You should be able to use Safety Scanner to detect and clean it. It does NOT clean your documents, so you will want to restore from a backup after cleaning the malware from your system.



 

Upon further analysis of the files that have been submitted to us for investigation, the analysts

have determined that the files are encrypted with a private and public key.

Unless the private key is available, the files will not be able to be recovered.

The private key is more than likely held by the attacker.The premise of ransom ware such as this is

that if a person pays the ransom, a key is provided to unlock the files.

The best course of action is to clean up the malware and then restore files from a backup.

 

More Information:

 

We are currently investigating an ongoing situation where users may encounter an error when trying to open Office documents.

The error can happen opening any Office file type, not just Excel files as shown in the image below. The error says:

"Cannot open the file ... because the file format or extension is not valid. Verify, that the file has not been corrupted and that the file extension matches the format of the file."

 

With PowerPoint binary files (.PPT) , you will see a dialog similar to the following screenshot. We don't have OOXML samples yet but will post images once we have these.

 


 

Other Support Blog links

 

 

_____________________________________________________________________________

Security Essentials Microsoft Security Essentials  https://www.microsoft.com/security/pc-security/mse.aspx