Ransomware Targets Outdated Microsoft Excel Macros to Deploy Attacks

Avaddon ransomware is exploiting Excel 4.0 macros to deploy an attack against users.

Microsoft Security Intelligence alerted users to a type of ransomware, called Avaddon, that uses Excel 4.0 macros to distribute malicious emails. These emails contain attachments which deploy an attack when opened in any version of Excel.

Avaddon ransomware emerged in early June through a massive spam campaign that randomly targeted its victims. Some patterns seem to indicate that the ransomware mostly targets Italian users.

Impersonating Italian officials

As BleepingComputer reports, the attackers behind the ransomware are recruiting “affiliates” to spread the payload. According to their analysis, Avaddon’s average ransom amount is around $900, paid in crypto.

The attack commonly impersonates officials from Italy’s Labor Inspectorate. Messages alert small businesses to alleged work violations during “a period of crisis,” referring to the COVID-19 pandemic.

Microsoft said in its Twitter profile:

“While an old technique, malicious Excel 4.0 macros started gaining popularity in malware campaigns in recent months. The technique has been adopted by numerous campaigns, including ones that used COVID-19 themed lures.”

Avaddon’s messages warn about pending legal actions which will be taken if the user does not open the malicious document.

Numerous victims

A recent study by cybersecurity firm, Proofpoint, shows a recent increase in email-based phishing attacks used to deliver ransomware.

On July 1, Cointelegraph reported that a new ransomware was targeting macOS users who illegally torrent popular apps. The attack, known as EvilQuest, was first spotted by K7 Lab malware researcher, Dinesh Devadoss.

About the author