There seems to be a group of people targeting users of the Outlook.com and Office 365 platforms. They are sending spoofed messages to people on these services that appear to come from Microsoft and look like invoices. When you open the documents, they run code in the background that launches run-of-the-mill ransomware to encrypt your documents.
This is not a flaw in these systems, just people being clever to bypass the filtering and target uninformed users. This is a fairly standard practice, but it is becoming widespread on these platforms, primarily in Australia right now.
I took the quote below from the original article, but do note that this is not what I or anyone else would call “zero-day”. It is standard practice for scammers to send these out to people in the hope that they will open them. It is just that in this case, they are targeting users on these specific platforms right now. Any user with an email address can receive these emails.
The ideal thing is to make sure you have working backups BEFORE you need them. This means local backups AND offsite. I personally have a small file server that I back up to, and I also use a cloud backup service to keep my important data offsite. If you need help getting some sort of backup plan in place for your home or business, please contact me or your local IT person.
Original Article: News.Com.AU
Discovered by leading cyber security company Check Point, the particularly vicious “Zero-day” malware has widely spread across Office 365 — including Word, Excel, PowerPoint, Outlook and other applications.
Security analyst Raymond Schippers said cyber criminals were catching unsuspecting victims by asking them to open an invoice sent by email.
“The email sent to Office 365 users via Outlook gives the appearance of an invoice in the form of an Office document,” he told news.com.au.
“When they go to open it, a message will appear telling people the document was created with a previous version of the software, so they will need to click something to enable the content.
“Users should not click the message as it will open up the ransomware, which will collect all of their files before asking for a payment to get them unlocked.”
Mr Schippers said the cyber criminals would ask for a couple of hundred Australian dollars to be paid, but under no circumstances should people comply.
“We are advising users to close the document and delete the email if they have opened it,” he said.
“If the message has been clicked and the ransomware installed, people should restore their computers from an available backup.”
Of course, Mr Schippers said this should be the last case scenario and reminded people that prevention was the best protection.
“People should ensure they keep regular backups of their computers, which should be stored offline. They should install a variety of protection types and should be more wary of suspicious content.”