Do you remember just last month that corporate Office 365 users were targeted with malicious emails? Well, that was a part of the over whole Cerber ransomware campaign which servers are now shut down.
According to a blog post written by two researches from FireEye, the server used in the Cerber ransomware campaign has been shut down with the efforts of FireEye, the Computer Emergency Response Teams in the Netherlands (CERT-Netherlands), and web hosting companies.
Cerber ransomware attack used malicious spam emails that contained Micorosoft Word attachments that were infected so once the users opens up the attached document, a macro then writes a small piece of VBScript into memory and with that the encryption of users’ files has started.
Ransomware guys actually know a lot about customer service.
Just like other ransomware variants the decryptor supports 12 languages in order to finale up with the payment and they even give you discounts if you pay immediately.
Researchers definitely suggest turning off macros in order to avoid any possible problems in the future.
“Disabling support for macros in documents from the Internet and increasing user awareness are two ways to reduce the likelihood of infection”.
These kind of ransomware campaigns, and similar to them, underline over and over again the vulnerabilities of cloud storage systems.
Ransomware that attacks through Saas application such as Google Apps and Office 365 “was spawned by the syncing of files on a desktop, laptop or mobile device to the cloud-based file and storage system,” said Jeff Erramouspe, GM of EMC's Spanning unit.
“From there, the malware can be transmitted to other employee, customer and partner data as well since many of these systems are collaborative in nature.”
This is probably just the beginning of the increasing ransomware attacks targeting these SaaS apps.