Ransomware Targets Outdated Microsoft Excel Macros to Deploy Attacks

Microsoft Security Intelligence alerted users to a type of ransomware, called Avaddon, that uses Excel 4.0 macros to distribute malicious emails. These emails contain attachments which deploy an attack when opened in any version of Excel.

Avaddon ransomware emerged in early June through a massive spam campaign that randomly targeted its victims. Some patterns seem to indicate that the ransomware mostly targets Italian users.

As BleepingComputer reports, the attackers behind the ransomware are recruiting “affiliates” to spread the payload. According to their analysis, Avaddon’s average ransom amount is around $900, paid in crypto.

The attack commonly impersonates officials from Italy’s Labor Inspectorate. Messages alert small businesses to alleged work violations during “a period of crisis,” referring to the COVID-19 pandemic.

Microsoft said in its Twitter profile:

“While an old technique, malicious Excel 4.0 macros started gaining popularity in malware campaigns in recent months. The technique has been adopted by numerous campaigns, including ones that used COVID-19 themed lures.”

Avaddon’s messages warn about pending legal actions which will be taken if the user does not open the malicious document.

A recent study by cybersecurity firm, Proofpoint, shows a recent increase in email-based phishing attacks used to deliver ransomware.

Subscribe to our groups in Facebook and Telegram and stay up to date.

Main, News

Leave a Reply

Your email address will not be published.