Won't the user just need to click 'previous version' and get back the unencrypted files? Doesn't O365 automatically keep the older versions for you?
It's 2016, and Microsoft Office macros are still a viable infection vector: security outfit Avanan says it's spotted a week-long, large-scale malware attack against Office 365 users. The campaign began on June 22, and Microsoft started blocking the malicious attachment on June 23. Avanan says the attackers tried to send …
"Any users infected found their LOCAL files covered with AES-256 encryption and confronted with a 1.24 Bitcoin demand for decryption. ®"
FTFY. O365 is just the means of delivery.
The interesting thing here is how they've targeted such a large number of O365 orgs. We're migrating, but still using local relays and internal forwarding, so DNS probes won't show we've got O365 MX servers. That said, to my knowledge we haven't had one of these (get through at least anyway).
It does seem rather suspicious that the screenshot shows Office 2007, which isn't supported with Office 365, and the 53% would seem to the number of customers of Avanan's security suite in front of Office 365.
No customers quoted who were actually impacted.
Sounds like a FUD post by a security vendor offering a solution to this problem, not a credible source.
The recent flurry of this style of emails is real and I agree this isn't about O365 per sa.
I received one in the form of a Vat Return:
What is particularly interesting is how the attack uses social methods to gets around spam/malware filters.
Biting the hand that feeds IT © 1998–2020