Well, we learned that relying on the security tools of Microsoft Office 365 is not the best approach.
Versions of Cerber Ransomware are now targeting MS Office 365 email users with a massive zero-day attack that has the ability to bypass Office 365’s built-in security tools.
According to a report published by cloud security provider Avanan, the massive zero-day Cerber ransomware attack targeted Microsoft Office 365 users with spam or phishing emails carrying malicious file attachments.
The Cerber ransomware is invoked via macros. Yes, you read that right: even in 2016, a single MS Office document can compromise your system if you enable macros.
You can see a screenshot of the malicious document in the latest malware campaign below, targeting Microsoft Office 365 users:
While the security firm did not specify the number of users affected by the ransomware, Microsoft reported in its first quarter 2016 that there are almost 18.2 million Office 365 subscribers.
“While difficult to precisely measure how many users got infected,” Avanan estimated that “roughly 57 percent of organizations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack.”
Although Cerber originally emerged in March, the malware campaign targeting Office 365 users began on June 22. However, Microsoft started blocking the malicious file attachment on June 23.
The Cerber Ransomware not only encrypts user files and displays a ransom note, but also takes over the user’s audio system to read out its ransom note informing them that their files were encrypted.
The ransomware encrypts files with AES-256 encryption, asking victims to pay about $800 for the decryption key.
How to Protect Yourself from Cerber Ransomware
To protect yourself from Cerber or any other ransomware attack:
- Always keep your system and antivirus up-to-date.
- Regularly back up your files.
- Disable Macros in your MS Office programs.
- Always beware of phishing emails and spam, and avoid clicking on malicious attachments.
- You can also use an intrusion detection system (IDS), such as AlienVault Unified Security Management (USM), which includes a built-in IDS with SIEM and real-time threat intelligence to help you quickly detect malware and other threats in your network.
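Because the campaign described above delivered Cerber through macro-bearing Office attachments, a mail pipeline can also triage attachments for macro content before they reach a mailbox. The following is an added example, not code from Avanan or Microsoft; the function names, the "block"/"review"/"allow" verdicts and the sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam",
                    ".pptm", ".potm", ".ppsm")
LEGACY_EXTENSIONS = (".doc", ".xls", ".ppt")


def triage_attachment(filename: str, data: bytes) -> str:
    """Return a hypothetical verdict ('block', 'review', 'allow') for one attachment."""
    name = filename.lower()
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can embed VBA. Parsing them needs an OLE
        # library, so this check routes them to review instead of guessing.
        return "review"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            parts = [entry.lower() for entry in archive.namelist()]
        is_ooxml = "[content_types].xml" in parts
        has_vba = any(part.endswith("vbaproject.bin") for part in parts)
        if is_ooxml and has_vba:
            return "block"  # macro project present, whatever the extension says
        if is_ooxml and name.endswith(MACRO_EXTENSIONS):
            return "review"  # macro-enabled extension but no VBA part found
        return "allow"
    if name.endswith(MACRO_EXTENSIONS + LEGACY_EXTENSIONS):
        return "review"  # Office extension on an unrecognised container
    return "allow"


def make_sample_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-style zip (not a real document)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    samples = {
        "invoice.docx": make_sample_ooxml(with_macro=True),   # macro hidden behind .docx
        "minutes.docx": make_sample_ooxml(with_macro=False),
        "report.doc": OLE_MAGIC + b"\x00" * 24,               # constructed OLE header only
    }
    for sample_name, payload in samples.items():
        print(f"{sample_name}: {triage_attachment(sample_name, payload)}")
```

The check looks at the container contents instead of trusting the file extension, so a macro project inside a file named `.docx` is still caught.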