Ransomware Targets Outdated Microsoft Excel Macros to Deploy Attacks

Microsoft Security Intelligence notified users of a type of ransomware, called Avaddon, that uses Excel 4.0 macros to distribute malicious emails. These emails include attachments which initiate an attack when opened in Microsoft Excel.

Excel 4.0 macros are being exploited by the Avaddon ransomware https://t.co/H3ucicky8n

— Cointelegraph (@Cointelegraph) July 3, 2020

Avaddon ransomware surfaced in the beginning of June via a huge spam campaign that randomly targeted its victims. According to some patterns, the ransomware usually targets Italian users.

As per reports, the attackers behind the ransomware are hiring “affiliates” to distribute the payload. Avaddon’s average ransom amount is around $900, paid in cryptocurrency.

The attack usually imitates officials from Italy’s Labor Inspectorate. Messages notify small businesses of supposed work violations during the Coronavirus epidemic.

Microsoft recently tweeted that malicious Excel 4.0 macros have started gaining more popularity in malware campaigns in recent months. The technique has been adopted by a number of campaigns, including ones that used Coronavirus themed lures.

Avaddon’s messages inform about pending legal actions, which will be taken if the user does not open the malicious document.

According to a recent study by cybersecurity firm, Proofpoint, an increase in the number of email-based phishing attacks used to deliver ransomware has been reported.