Microsoft Security Intelligence alerted that ransomware ‘Avaddon’ which uses Excel 4.0 macros is targeting the malicious mails. The mails contain attachments which initiate attack when opened in any version of Excel file.
The ransomware emerged early in June through a massive spam campaign that randomly targeted the victims. Patterns have identified that ransomware targets Italian users.
As BleepingComputer reports, the attackers behind the ransomware are recruiting “affiliates” to spread the payload. According to their analysis, Avaddon’s average ransom amount is around $900, paid in crypto.
The attack commonly impersonates officials from Italy’s Labor Inspectorate. Messages alert small businesses to alleged work violations during “a period of crisis,” referring to the COVID-19 pandemic.
“While an old technique, malicious Excel 4.0 macros started gaining popularity in malware campaigns in recent months. The technique has been adopted by numerous campaigns, including ones that used COVID-19 themed lures.”
Avaddon’s messages warn about pending legal actions which will be taken if the user does not open the malicious document, according to a CoinTelegraph report.
A cybersecurity firm, Proofpoint, shows recent increase in email-based phishing attacks used to deliver ransomware.