[ZERO DAY ALERT] Ransomware Targets MS Office 365 Users



Cerber Ransomware Macros Document

Apparently, MS Office 365 built-in security tools are not cutting it.  A new strain of the Cerber Ransomware is now targeting MS Office 365 email users with a massive zero-day attack that has the ability to bypass Office 365's built-in security tools.

A new report released by cloud security provider Avanan shows a massive zero-day attack targeting Office 365 users with phishing emails having malicious file attachment payloads.

In a Deja Vu moment, -- this is getting old very fast -- Cerber uses social engineering to trick users to allow macros, just like the recent Locky and Dridex attacks. 

While Avanan did not specify the exact number of users possibly hit by the ransomware, Microsoft reported in its first quarter 2016 that there are almost 18.2 Million Office 365 subscribers. Although Cerber originally emerged in March, the malware campaign targeting Office 365 users began on June 22. However, Microsoft started blocking the malicious file attachment on June 23, but as we all know that is a game of whack-a-mole and the bad guys have the advantage.

"While difficult to precisely measure how many users got infected," Avanan estimated that "roughly 57 percent of organizations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack."

The Cerber ransomware strain is a weird one. It not only encrypts user files and displays a ransom note, but also takes over the user's audio system to read out its ransom note informing them that their files were encrypted.

What To Do About It 

  • Weapons-grade backups are rule #1 
  • Disable Macros in your MS Office programs
  • Step end-users through effective security awareness training
  • And here are 8 other things you can do

Since phishing has risen to the #1 malware infection vector, and attacks are getting through your filters too often, getting your users effective security awareness training which includes frequent simulated phishing attacks is a must

KnowBe4's integrated training and phishing platform allows you to send attachments with Word Docs with macros in them, so you can see which users open the attachments and then enable macros!

See it for yourself and get a live, one-on-one demo.

Request A Demo

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/kmsat-request-a-demo

 

Topics: Ransomware

Subscribe To Our Blog


Ransomware Hostage Rescue Manual

Recent Posts




Get the latest about social engineering

Subscribe to CyberheistNews