Microsoft Office 365 hit with massive Cerber ransomware attack, report

Millions of Microsoft Office 365 users were potentially exposed to a massive zero-day Cerber ransomware attack last week.

At least 57 percent of all Office 365 customers received at least one phishing attempt that contained the infected attachment.
At least 57 percent of all Office 365 customers received at least one phishing attempt that contained the infected attachment.

Millions of Microsoft Office 365 users were potentially exposed to a massive zero-day Cerber ransomware attack last week that not only included a ransom note, but an audio warning informing victims that their files were encrypted.

Steven Toole, a researcher for the cloud-security firm Avanan, blogged that his company saw the first attack roll in at 6:44 a.m. on June 22 and that at least 57 percent of all Office 365 customers received at least one phishing attempt that contained the infected attachment. While Avanan did not supply a specific number of those possibly hit, Microsoft reported in its first quarter 2016 earnings report that there are 18.2 million Office 365 subscribers.

In a unique twist, the ransom note was accompanied by an audio file explaining the attack and how to regain access to the files. Toole said it took Microsoft more than 24 hours to detect the attack and start blocking the attachment. The attacker asked for a ransom totaling 1.4 bitcoin, or about $500 (£375), for the decryption key. 

“This attack seems to be a variation of a virus originally detected on network mail servers back in early March of this year," Toole wrote. "As it respawned into a second life, this time Cerber was widely distributed after its originator was apparently able to easily confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account.” 

Microsoft did not reply by press time to an SCMagazine.com request for further information regarding the attack.