Pierluigi Paganini June 28, 2016

Cloud security provider Avanan discovered a number of Cerber Ransomware variants targeting corporate Office 365 users with malicious emails.

Cloud security provider Avanan spotted a number of Cerber Ransomware variants that are targeting corporate Office 365 users with spam or phishing emails leveraging on malicious file attachments.

Threat actors sent an Office document that embedded malicious macros to download the ransomware.

According to a report published by Avanan, threat actors exploited a zero-day vulnerability to deliver the Cerber ransomware,

The ransomware campaign started on June 22, the day after Microsoft started blocking the attachment used in the attacks.

“Starting June 22 at 6:44 a.m. UTC, Avanan’s Cloud Security Platform started to detect a massive attack against its customers that were using Office 365. The attack included a very nasty ransomware virus called Cerber, which was spread through email and encrypted users’ files.” states the report.

Experts from Avanan revealed that the attackers behind the campaign tried to send messages to 57 per cent of the organisations on its security platform using Office 365.

“While difficult to precisely measure how many users got infected, Avanan estimates that roughly 57 percent of organizations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack.”

This specific ransomware encrypts files with AES-256 and requests a 1.24 Bitcoin ransom for unblock the user’s documents.

The experts noticed that strain of the Cerber ransomware used in the attack also takes over the host audio system to read out its ransom note.