Picture yourself receiving a phone call from kidnappers saying that they have snatched your only child while demanding a ridiculous amount of money for their safety. Now imagine a similar scenario, but this attack is geared towards Microsoft Office 365 users, complete with a ransom note and an audio message informing victims that their files have already been encrypted. Here’s what Microsoft had to say about the situation:
Steven Toole, a researcher for the cloud-security firm Avanan, detailed that his company experienced the first attack at 6:44 a.m. on June 22nd. Another interesting fact is that at least 57 percent of all Microsoft Office 365 customers on Avanan’s platform received at least one phishing attempt that contained the infected attachment. While Avanan did extrapolate the number of Office 365 users involved, the exact number has yet to be revealed.
This is particularly interesting since according to Microsoft’s first quarter reports in 2016, there are over 18.2 million Office 365 subscribers worldwide. On top of the global scale in which the attacks took place, it took Microsoft over 24 hours for the attack to be detected and for any attempts to block the attachment to be made.
Microsoft’s side of the story shares many similarities with slight differences on the detection and actions made about the ransomware attack. In an email to SCMagazine.com, the spokesperson wrote:
"Office 365 malware protection identified the attack and was updated to block it within hours of its origination on June 22. Our investigations have found that this attack is not specific to Office 365 and only a small percentage of Office 365 customers were targeted, all of which have been protected."
The point is Office 365 was compromised, regardless of how quickly it was detected - many people were asked for a ransom and were told that their files have already been encrypted. Still wanting to come across as polite, the ransom came with an audio recording that detailed what the attack was and what measures must be taken in order to regain access to the files. The unknown attacker asked for a ransom of 1.4 bitcoins or an equivalent of $500 in exchange for the decryption key.
Toole noted that “This attack seems to be a variation of a virus originally detected on network mail servers back in early March of this year," He also added that "As it respawned into a second life, this time Cerber was widely distributed after its originator was apparently able to easily confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account.”
This proves that cyber criminals go to great lengths to not only use their tools but to improve on them and eliminate flaws. So no matter how many firewalls, passwords or fire-breathing dragons you have to guard your servers and networks, without the right network security measures in place, chances are they’ll manage to find a way to overcome the hurdles and wreak whatever havoc they can.
Network security isn’t something to be taken lightly, if you are unsure about how safe or how capable your systems are in fending off cyber threats - get in touch with us. Our experienced and friendly staff will help you with any ransomware or security-related issue you have.