Researchers have discovered a new strain of the Cerber ransomware targeting Office 365 users. The variant, discovered by Trend Micro, is part of a trend of new ransomware that targets victims using cloud platforms..
The new strain bypasses Microsoft's security measures that protect Office 365 and Office applications locally by attaching malicious Office documents containing macros to spam emails, according to a Trend Micro blog post. Enabling the macro in the document “will drop a VBS-coded Trojan downloader (VBS_CERBER.CAD) which then fetches RANSOM_CERBER.CAD from the malicious URLs,” the post stated.
The development follows this week's discovery of cuteRansomware, a new ransomware strain that uses a Google Doc to host the decryption key and command-and-control functionality.
Ed Cabrera, chief cybersecurity officer at Trend Micro, said ransomware attacks increasingly use cloud-based applications precisely because they are essential to everyday business operations.
In March, Trend Micro researchers discovered the Petya ransomware using documents stored on Dropbox and other cloud storage sites to infection victims.
The Cerber strain uses increased sophistication to evade detection, he told SCMagazine.com. Ransomware developers “are pushing into the applications that we use daily, quite aggressively,” Cabrera said, speaking with SCMagazine.com. “They are going to be moving more and more into the cloud as we do.”
Cabrera sees the sophistication and prevalence of ransomware as a growing threat. The “extreme functionality can easily be adopted by hacktivists groups,” he said. “It's essentially here to stay.”