Cerber Ransomware Assault Targets Corporate Users of Microsoft Office 365

Innumerable users of Microsoft Office 365 apparently encountered one huge 0-day Cerber ransomware assault this past week which in addition to involving one ransom notification, projected warning through an audio for infected users about files on their computers that had been encrypted.

It was June 22 this year (2016) that the onslaught started, immediately prior to 7:00 AM UTC when cyber criminals applied one new trick for running Cerber-implanted spam that bypassed the security defenses of Microsoft. According to Avanan a cloud security service, Microsoft spent approximately 5 hours for identifying the malevolent attached files within the spam messages as also begin blocking them.

Avanan's analysis shows that Microsoft's identification and blocking of the attached files occurred on 23rd June. The service stated it instantly found the malware's rebirth through clients utilizing the SandBlast solution of Check Point via Avanan's cloud security platform. Among the total number of users of Avanan's service, approximately 57 per cent of companies using Office 365 got at least once the malware inside certain company mailbox while the attack was getting executed.

And as per FireEye a security company, when May arrived it was Dridex that often delivering Cerber within its spam campaigns, which used malevolent Microsoft Office files, exploiting macro vulnerabilities, while dropping the ransomware. Moreover, earlier in June 2016, Invincea's security researchers cautioned about Cerber using one polymorphic methodology of "hash factory" for fast altering payloads within 15 seconds gap each time so as for bypassing signature-based detection. Darkreading.com posted this online dated June 27, 2016.

Consumers after triggering off SandBlast through Avanan's platform managed in stopping Cerber's infection from happening since SandBlast solution detected the ransomware as one refined 0-day malware.

It may be noted states Fortinet that Cerber occupies the third position in the List of Top Ransomware families of today following the notorious CryptoWall and Locky ransomware on first and second positions respectively. Also, Cerber utilizes the operating software text-to-speech characteristic for making an audio effect to the ransom declaration made to victims attempting at viewing an attachment. This aspect makes all Cerber assaults a unique factor for the malware.

» SPAMfighter News - 7/4/2016