Avaddon Ransomware Still Using Excel 4.0 Macros

Just like jokes, sometimes the old vulnerabilities are the best ones. So, stop us if you’ve heard this before: ransomware criminals are still using malicious Excel 4.0 macros in campaigns. This week, Microsoft’s security intelligence team noted that Avaddon was the latest malware to use the macros as an infection vector.

“This week, Avaddon ransomware became the latest malware to use malicious Excel 4.0 macros in campaigns. Emails carrying the malicious Excel attachments were sent to specific targets, primarily in Italy. When run, the malicious macro downloads the Avaddon ransomware.” pic.twitter.com/K8TN9X9xQR
— Microsoft Security Intelligence (@MsftSecIntel) July 2, 2020

Avaddon is a form of ransomware that emerged in early June, and it is the latest of several malware campaigns in recent weeks to use Excel 4.0 macros to spread. “The technique has been adopted by numerous campaigns, including ones that used COVID-19 themed lures,” Microsoft said. We documented this back in May when the NetSupport Manager RAT appeared.

“This week’s campaign continues a recent trend of delivering ransomware as the immediate payload in email campaigns,” Microsoft said.

Avaddon searches for data to encrypt, appends its own extension to each encrypted file, and drops a ransom note in every folder it affects. The note links to a payment site, accessible via the Tor network, that contains a unique ID the victim can use to log in. Once logged in, the victim sees a ransom amount and instructions on how to pay.

The original Avaddon campaign in June used emails to distribute a JavaScript downloader disguised as an image file. However, online criminals often change their techniques to keep victims guessing. Avaddon’s operators reportedly posted to Russian-speaking hacker forums earlier this year, stating that they were running an affiliate program for the ransomware, which pays affiliates a portion of the ransom collected from their victims. One of those affiliates could well be responsible for the macro-based infection approach.

Macros are an old method of distributing malware that fell out of favor after Microsoft introduced more protections to stop them. Macros are disabled by default in more recent versions of Microsoft Office, meaning that criminals have to persuade victims to turn them on. Enterprise IT admins can even configure policy so that users are never offered that option. However, not all of them do so, and many victims’ computers aren’t managed by an admin at all. So this ancient delivery method is still a fruitful vector for attackers.

X ITM Cloud News

Catarina
