Avaddon Targets All Versions Of Microsoft Excel To Deploy Attack

July 4, 2020      Jyoti Singh

Microsoft Security Intelligence recently warned its users about Avaddon, a type of ransomware spread through malicious emails that use Excel 4.0 macros. The emails carry an attached file that attacks the system once it is opened in any version of Excel.

Main Victims Are Italians

In June 2020, a massive spam campaign began in which the attacker used the Avaddon ransomware to target victims at random.

An investigation of the attack patterns shows that this ransomware mostly targets Italian users.

According to BleepingComputer, the attackers wanted to spread the payloads and therefore started recruiting affiliates. BleepingComputer further reported that the average ransom amount for Avaddon is at least $900, which must be paid in cryptocurrency.

In the attack, the email posed as a message from an official of the Labor Inspectorate of Italy. It sent an alert to small businesses alleging work violations during the COVID-19 pandemic.

While informing its users, Microsoft tweeted, “While an old technique, malicious Excel 4.0 macros started gaining popularity in malware campaigns in recent months. The technique has been adopted by numerous campaigns, including ones that used COVID-19 themed lures”.

Avaddon Acts As An Official

The message sent to users was essentially a warning about pending legal action. It threatened that officials would take action against the recipients if they did not open the malicious document.

Recently, the cybersecurity firm Proofpoint released a report stating that email-based phishing attacks that deploy ransomware have increased in recent times.

On July 1, a report mentioned that a new ransomware, known as EvilQuest, has recently appeared. It mainly targets macOS users who download installers through torrent files. Dinesh Devadoss, a K7 Lab malware researcher, was the first person to spot it. Additionally, the attack is reported to be recent: it has been active since June 2020.

Jyoti Singh

Jyoti is a graduate from GGSIPU and has done her PG Diploma in English Journalism from IIMC. Presently, she is working as a content writer with Agio Support Solution Pvt. Ltd. Her aim is to provide informative content about cryptocurrency and blockchain, to the tech-enthusiasts.