Is there anything worse than a Christmas layoff? The layoff may be a hoax, but the ransomware infecting your PC is no joke …

The malware that comes through the email need some hook to get the victim to enter a website or a document, from where the virus is installed.

And what greater hook could there be than an email from your company notifying you of your dismissal, and asks you to read an Excel document to find out the reasons?

Dridex is dangerous malware created by the group Evil Corp (a very appropriate name) that began by robbing bank accounts. But it evolved into different ransonware: BitPaymer, DoppelPaymer, WastedLocker, and Grief.

Now, as reported Bleeping Computer, a new variant has been discovered, with a macabre point: infects through a dismissal email.

Through a previous hack, cybercriminals they obtain the emails of the employees of the companies, and they send them a corporate email where they explain that they have been fired, immediately and irrevocably.

The email asks consult an Excel document that contains the reasons for the dismissal, and provides a password to enter, as can be seen here:

When the Excel document is accessed, text is blurry because macros are disabled, since many companies deactivate them precisely because it is through macros that viruses enter.

Other text indicates to press the button Activate content to view the dismissal document. And here’s the catch: When you activate the macros, the virus sneaks into the computer.

The victim only sees a message that says “Merry Christmas, dear employees!“, making her think it’s a joke. But your computer has been infected by malware, which changes depending on the version.

In some cases it is a tracker software that tries to steal the bank keys when it detects them. In others a ransomware that locks your computer and you can’t regain control until you pay a cryptocurrency ransom.

If you receive a dismissal message by email, think twice before opening it …