Microsoft fights back after five hours, but 57% of users received at least one copy of the ransomware in their inboxes

Jun 28, 2016 01:20 GMT

A wave of spam emails carrying malicious file attachments infected with the Cerber ransomware hit corporate users of the Microsoft Office 365 service.

The onslaught began on June 22, just before 7:00 AM UTC, when crooks used a novel trick to launch Cerber-infested spam past Microsoft's security defenses.

Cloud security platform Avanan says it took Microsoft about a day to detect and start blocking the malicious file attachments.

By that point it was too late: Avanan says that 57 percent of all companies using Office 365 had received at least one copy of the ransomware in their inboxes.

There is nothing special about this version of Cerber, and this seems to be yet another case of crooks managing to bypass Microsoft's spam filters. A similar incident happened on June 1, when hackers bypassed Outlook and Hotmail spam filters and flooded users for hours with spam.

Cerber is one of today's top ransomware families. According to data provided by Fortinet at the end of May, Cerber ranked third in terms of detected infections behind the infamous CryptoWall and Locky families.

One way to recognize a Cerber infection: this is the ransomware family that uses the OS text-to-speech feature to read the ransom note out loud to users. Below is a screenshot of the malicious document received in this most recent campaign that targeted Microsoft Office 365 corporate users.

UPDATE: A Microsoft spokesperson told Softpedia regarding the attack that "Office 365 malware protection identified the attack and was updated to block it within hours of its origination on June 22. Our investigations have found that this attack is not specific to Office 365 and only a small percentage of Office 365 customers were targeted."

Word document that will install the Cerber ransomware if macros are enabled