Theregister.co.uk | Richard Chirgwin | 28 Jun 2016 at 03:30
Spam flood tried to drop malicious macros in inboxes.
It’s 2016, and Microsoft Office macros are still a viable infection vector: security outfit Avanan says it’s spotted a week-long, large-scale malware attack against Office 365 users.
The campaign began on June 22, and Microsoft started blocking the malicious attachment on June 23.
Avanan says the attackers tried to send messages to 57 per cent of the organisations on its security platform using Office 365. Users were sent an Office document that invoked the malware via macros.
The attack used the Cerber ransomware, which first emerged in March. As well as encrypting user files, it takes over the victim’s audio system to read out its ransom note.
Any users infected found their files covered with AES-256 encryption and confronted with a 1.24 Bitcoin demand for decryption.