Ransomware slams corporate Office 365 users with macro storm

Spam flood tried to drop malicious macros in inboxes

It's 2016, and Microsoft Office macros are still a viable infection vector: security outfit Avanan says it's spotted a week-long, large-scale malware attack against Office 365 users.

The campaign began on June 22, and Microsoft started blocking the malicious attachment on June 23.

Avanan says the attackers tried to send messages to 57 per cent of the organisations on its security platform using Office 365. Users were sent an Office document that invoked the malware via macros.

The attack used the Cerber ransomware, which first emerged in March. As well as encrypting user files, it takes over the victim's audio system to read out its ransom note.

[Image: Cerber campaign. Caption: Macro attacks: 20-plus years old, still effective]

Any infected users found their files encrypted with AES-256 and were confronted with a 1.24 Bitcoin demand for decryption. ®




Biting the hand that feeds IT © 1998–2018