Ransomware uses outdated Microsoft Excel macros to launch its attacks

July 4, 2020

Microsoft Security Intelligence warned users about a ransomware called Avaddon, which is spread through malicious emails that use Excel 4.0 macros. These emails contain attachments that trigger an attack when opened in any version of Excel.

The Avaddon ransomware appeared in early June in a massive spam campaign that targeted its victims at random. Some patterns seem to indicate that the ransomware is mainly aimed at Italian users.

Posing as Italian officials

As BleepingComputer reports, the attackers behind this ransomware recruit “partners” to distribute their payload. According to its analysis, the average ransom demanded by Avaddon is approximately USD 900, which must be paid in cryptocurrency.

The attackers usually pose as an official from the Italian Labor Inspectorate. The notices alert small businesses to alleged “work violations” during “a period of crisis” in the COVID-19 pandemic.

Microsoft said on its Twitter profile:

“While it was an old technique, malicious Excel 4.0 macros have become increasingly popular in malware campaigns in recent months. The technique has been adopted by numerous campaigns, including those using COVID-19 baits.”

Avaddon’s messages warn of pending legal action if the user does not open the malicious document.

Numerous victims

A recent study by the cybersecurity company Proofpoint shows an increase in email-based phishing attacks used to deploy ransomware.

On July 1, Cointelegraph reported that a new type of ransomware targets macOS users who download illegal copies of popular apps. The ransomware, known as EvilQuest, was first discovered by Dinesh Devadoss, a malware researcher at K7 Lab.