Millions of Microsoft Office 365 users may have been targeted by a zero-day Cerber ransomware attack last month.
According to Avanan up to 57% of all the Microsoft Office 365 users on their platform had received a copy of the Cerber ransomware email into their corporate mailboxes during the attack.
The Cerber ransomware attack came in the form of a phishing email which contained an infected attachment and encrypted user’s files. The ransomware attack also included a note and an audio message informing of the attack and that a ransom of 1.4 bitcoin must be paid for the decryption key.
More worryingly it is also claimed that it took Microsoft over 24 hours to detect the attack and start blocking these attachments. They also suggest that the Cerber ransomware attack was a variant of the virus which emerged in March this year, however, this time around the scammers were able to easily bypass Microsoft Office 365’s built-in security layers through a private Office 365 account.
While the exact number of users possibly hit by the ransomware was not specified, Microsoft reported in its first quarter 2016 that there are almost 18.2 Million Office 365 subscribers.
Below is a screenshot of how the virus appeared to the targeted users:
Top tips on protecting yourself from Cerber ransomware:
- Keep your systems and anti-virus up to date at all times.
- Backup your files regularly to an external hard drive.
- Ensure you disable Macros in your Microsoft Office 365 programmes.
- Be particularly wary of spam and phishing emails from unknown sources and do-not open any attachments contained within these emails.
- Use a third party email filtering service which can work in conjunction with Microsoft Office 365 to provide you with greater levels of security, less spam and email continuity.
- Contact a trusted IT support services partner such as DB if you have any questions
When it comes to cloud services such as Microsoft Office 365 and Google Apps, it is considered IT Security best practice not to rely on a single vendor. In fact, adding more independent layers of security to your network will significantly reduce the risk of your organisation’s systems and data being compromised.
For more information on how to implement policies and procedures which can help prevent ransomeware attacks, call us on 061 480980.