The easiest and most effective way to block the cryptolocker virus in Office 365 is to block all attachments that contain EXE files. Here is a step by step guide on how to block all .exe files in Office 365 (including inside .zip files).
Block EXE email Attachments in Office 365
1. This will reject emails that have EXE file attachments sent to Office 365 (even when inside a zip file). The intent is to block the cryptolocker virus.
2. Logon to Office 365 and choose Admin, Exchange in the top right.
3. Choose “mail flow” on the left side.
4. Under rules click the + to create a new rule.
5. Choose a Name for rule like “Block EXE Attachments”
6. Click “More Options” at the bottom of the page.
7. Choose “Apply this rule if…” , “any attachment”, “file extension includes these words”
8. Type in EXE and press the + to add. Then choose OK.
9. Under “Do the Following”, choose “Block the message”, “reject the message and include an explanation”
10. For reason enter “Attachment contains an EXE file” and press OK.
11. If you wish you can add an exception so users can type a word in the subject line if they have a valid reason to get an exe file via email. Under “Except if…” choose “add exception” , “the subject or body”, “subject includes any of these words” and enter the word you choose to allow. Make sure you press + to add word then OK.
12. Under choose mode for this rule select enforce.
13. Give it about 15 minutes then test by sending a zip file with an exe file inside. Also test the exceptions if you added one.