Ransomware in Office 365 email

Avanan’s blog reported a large ransomware attack against Office 365 users. Avanan’s Cloud Security Platform started to detect a massive attack on June 22nd. The payload was inside an attached Microsoft Word file. By June 23rd Microsoft was blocking the distribution of this attachment in email messages. Avanan estimated that 57% of companies using Office 365 email received at least one message last week.

A variant of the Cerbex ransomware was found in the offending email attachments. If Cerbex executed on any computer all of the working files would be encrypted. A demand message for a $500 payment in bitcoins to unlock the files appears. All of your files are gone. Your last resort is a good offsite backup of everything that you have ever created.

Cerbex ransomware when Microsoft Macros are enabled

If you do not have an advanced malware protection service like Avanan then protect your office by disabling unsigned macros in Microsoft Word. If you have a domain controller you can block macro files from the Internet for all of your computers. The instructions from Microsoft can be found here.

McAfee Labs has seen a 165% rise in ransomware attacks in the first quarter of 2015. Seven hundred thousand attacks were detected just by McAfee in Q1, 2015. In April of 2016 Hory county school district in South Carolina paid over $10,000 in ransom to restore encrypted files from just one attack. In 2015 the FBI received 2,453 complaints about ransomware, costing the companies or users more than $24 million dollars.

An ounce of prevention is less than a pound of cure once again.

Who is watching your data? Need some help? Just send us an email.