How Cerber Ransomware is Tricking Office 365 Email Users

How Cerber Ransomware is Tricking Office 365 Email Users

Earlier this year, a nasty form of malware, widely known as Cerber ransomware – most likely named after the three-headed mythical beast, Cerberus – was discovered. In March, MalwareBytes referred to the strain as “new, but mature.” Its peculiarities include the ability to continue encrypting files in offline mode, the fact that it will terminate itself if the infected computer is found to be from certain countries, the Latin quote Quod me non necat me fortiorem facit” (That which does not kill me makes me stronger) at the bottom of the ransom note, and most jarring of all, an audio message telling victims that their files have been encrypted.

Office 365 Email Users Targeted : How Cerber Works

Millions of users use the Office 365 suite. In Late June, it was reported that Cerber had infected over 10 million Office 365 email users. According to Dark Reading’s Ericka Chickowski, Cerber has repeatedly adjusted its infection methods to maintain its viability as a ransomware strain to be wary of. The malware hides as a macro inside of a Word document that, once executed, begins to do its work. Upon trying to open an encrypted file, a victim will hear the following recording:

“Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted!”

The hackers request a ransom of 1.4 bitcoin, which is approximately worth $500, according to SC Magazine online editor Doug Olenick. While an exact number of victims has not been identified, researchers’ estimates have been in the tens of millions. One cloud security provider noted that as many as 57 percent of its clients using Office 365 email were infected.

Getting Back on Track

Cerber hides in Word documents, locks up your files and dangles the key in front of you.

Office 365 users who managed to walk away from this one unscathed may be in the clear, as Microsoft claimed to have updated its malware protection for Office 365 to detect the threat, according to Olenick. That said, Cerber is hardly the first strain of ransomware to go viral, and it won’t be the last. To make yet another allusion to Greek mythology, the threat of ransomware is not unlike the head of the Hydra. Just when you think you’ve cut it off, three more spring up.

Organizations would be remiss to put off strategizing defense and response methods for ransomware. A popular preventive measure is the usage of anti-executable solutions, that can help prevent unauthorized programs from executing on systems. While for particularly sneaky strains, like Cerber, it may not always be possible to stop the attack from deploying. In these situations, an additional layer like Faronics Deep Freeze can be a huge lifesaver. With its reboot to restore functionality, Deep Freeze can restore the ‘golden state’ of system configurations with a simple reboot, effectively wiping out unwanted changes  to the system.

You might not always be able to prevent ransomware, but with a ‘Reboot to Restore’ solution, you can get back on track & resume operations quickly.

About The Author

Suzannah Hastings

Suzannah is interested in all things digital, from software security to the latest technological advances. She writes about ways in which the increasingly internet-driven landscape and windows technologies like steady state alternative that change our lives, and what we can expect in the future.

Sign Up For A 30-Day Trial


Deep Freeze Enterprise

Centralized deployment and management as well as a host of configuration options for the Enterprise.

  • This field is for validation purposes and should be left unchanged.

Ready to find out more about Faronics? Let us know how to reach you.

We're here to help you in any way possible.