Ransomware slams corporate Office 365 users with macro storm

It's 2016, and Microsoft Office macros are still a viable infection vector: security outfit Avanan says it's spotted a week-long, large-scale malware attack against Office 365 users. The campaign began on June 22, and Microsoft started blocking the malicious attachment on June 23. Avanan says the attackers tried to send …

  1. SteveCo


    Won't the user just need to click 'previous version' and get back the unencrypted files? Doesn't O365 automatically keep the older versions for you?

    1. Anonymous Coward

      Re: Undo

      "Any users infected found their LOCAL files covered with AES-256 encryption and confronted with a 1.24 Bitcoin demand for decryption. ®"

      FTFY. O365 is just the means of delivery.

      The interesting thing here is how they've targeted such a large number of O365 orgs. We're migrating, but still using local relays and internal forwarding, so DNS probes won't show we've got O365 MX servers. That said, to my knowledge we haven't had one of these (get through at least anyway).

  2. Anonymous Coward

    audio system to read out its ransom note.

    Is there a link to what the audio message sounds like?

    1. Grade%

      Re: audio system to read out its ransom note.


      Probably. Utilizing win text to speech.

    2. VinceH

      Re: audio system to read out its ransom note.

      Probably something like this, perhaps?

  3. GRiLL@

    It does seem rather suspicious that the screenshot shows Office 2007, which isn't supported with Office 365, and the 53% would seem to be the number of customers of Avanan's security suite in front of Office 365.

    No customers quoted who were actually impacted.

    Sounds like a FUD post by a security vendor offering a solution to this problem, not a credible source.

    1. Roland6 Silver badge

      The recent flurry of this style of emails is real and I agree this isn't about O365 per se.

      I received one in the form of a VAT Return:

      What is particularly interesting is how the attack uses social methods to get around spam/malware filters.

  4. Anonymous Coward

    "It's 2016, and Microsoft Office macros are still a viable infection vector: "

    "It's 2016, and people blindly ignoring all the fucking warnings are still a viable infection vector:"



Biting the hand that feeds IT © 1998–2021