Widespread Ransomware Attack Targets Microsoft Office 365 Users

Written by

A nasty ransomware is at the heart of a widespread attack on Microsoft 365 users.

The virus, called Cerber, is spread through email and, like other ransomware, encrypts users’ files and demands payment in order to unlock them. It plays an audio file informing the user that the computer’s files have been encrypted, while a warning message was displayed on screen. The ransom is set at 1.24 bitcoins or about $500.

“Cerber spreads via phishing emails,” explained Steven Toole, a researcher at Avanan, in a blog. “Once infected, a victim's files become encrypted using the AES-265 and RSA encryption method, which is currently unbreakable.”

Avanan estimates that roughly 57% of organizations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack.

A variation of the virus was originally detected on network mail servers back in early March. It has since respawned into a second life, and Avanan said that it was widely distributed after its originator was apparently able to confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account.

Microsoft however said that the threat is overblown. "Office 365 malware protection identified the attack and was updated to block it within hours of its origination on June 22," a spokesperson told us via email. "Our investigations have found that this attack is not specific to Office 365 and only a small percentage of Office 365 customers were targeted.”

Microsoft detected the attack and started blocking the attachment as of June 23.

This is, however, a sign of the times, according to Anavan: “We are continuing to see a significant increase in the complexity of malware targeting business networks, and this attack is an excellent example. By utilizing several exploit kits, it was able to bypass traditional sandboxes. It also speaks to the effort hackers are putting into creating new zero-day attacks and the challenges businesses face in securing their networks against cybercriminals.”

“Many users of cloud email programs believe they 'outsourced' everything to Microsoft or Google, including security,” explained Gil Friedrich, CEO of Avanan. “The reality is that hackers first make sure their malware bypasses major cloud email providers' security measures, and so most new malware goes through cloud email programs undetected.”

Photo © Lightbox

What’s hot on Infosecurity Magazine?