Ransomware Hits Microsoft Office 365

Wednesday, July 6, 2016 @ 12:07 PM gHale


Spam emails carrying the Cerber ransomware hit corporate users of the Microsoft Office 365 service.

The assault started June 22, just before 3 a.m. Eastern time, when attackers tricked Microsoft’s defenses into letting the ransomware slip by.

It took Microsoft almost 24 hours to detect and start blocking the malicious file attachments, said officials at the cloud security platform Avanan.

By that point, it was too late. Avanan said 57 percent of all companies using Office 365 had received at least one copy of the ransomware in their inboxes.

There is nothing special about this version of Cerber, and this seems to be a simple case of attackers bypassing Microsoft’s spam filters. A similar incident happened on June 1, when hackers bypassed Outlook and Hotmail spam filters and flooded users for hours with spam.

Cerber is a top ransomware package. Fortinet researchers said at the end of May, Cerber ranked third in terms of detected infections behind CryptoWall and Locky.

Cerber uses the OS text-to-speech feature to read out the ransom note to users.

Microsoft’s response, through a spokesperson, was “Office 365 malware protection identified the attack and was updated to block it within hours of its origination on June 22. Our investigations have found that this attack is not specific to Office 365 and only a small percentage of Office 365 customers were targeted.”