Widespread Ransomware Attack Targets Microsoft Office 365 Users

JMH

Emeritus, Contributor
Joined
Apr 2, 2012
Posts
7,197
A nasty ransomware is at the heart of a widespread attack on Microsoft 365 users.

The virus, called Cerber, is spread through email and, like other ransomware, encrypts users’ files and demands payment in order to unlock them. It plays an audio file informing the user that the computer’s files have been encrypted, while a warning message was displayed on screen. The ransom is set at 1.24 bitcoins or about $500.

“Cerber spreads via phishing emails,” explained Steven Toole, a researcher at Avanan, in a blog. “Once infected, a victim's files become encrypted using the AES-265 and RSA encryption method, which is currently unbreakable.”

Avanan estimates that roughly 57% of organizations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack.

A variation of the virus was originally detected on network mail servers back in early March. It has since respawned into a second life, and was widely distributed after its originator was apparently able to easily confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account.

“We are continuing to see a significant increase in the complexity of malware targeting business networks, and this attack is an excellent example. By utilizing several exploit kits, it was able to bypass traditional sandboxes. It also speaks to the effort hackers are putting into creating new zero-day attacks and the challenges businesses face in securing their networks against cybercriminals.”

Microsoft detected the attack and started blocking the attachment as of June 23.
Widespread Ransomware Attack Targets Microsoft Office 365 Users - Infosecurity Magazine
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top