On July 3, Microsoft Security Intelligence sent out an alert to its users: a type of ransomware by the name of Avaddon was being sent through malicious emails that use Excel 4.0 macros. The emails include an attachment that sets up an attack when opened in any version of Excel.
As a new type of ransomware, Avaddon emerged in June through a huge spam campaign that targeted victims at random. There are some patterns in the attacks. It seems that the ransomware mostly targets users in Italy. The attackers recruit affiliates to spread the ransomware. The ransom amount averages $900, and it is only payable in cryptocurrency.
The reports suggest that the ransomware distributors are impersonating Italian government officials. The emails make it look like a government figure from Italy's Labor Inspectorate agency is sending out alerts to small businesses for supposed violations during the COVID-19 pandemic. The messages include the phrase "period of crisis" or "crisis period", depending on the version sent.
On Twitter, Microsoft said that this is an old technique. Using Excel 4.0 macros became popular a few months ago. The technique has been used by a multitude of ransomware campaigns. These scams include terminology that lures in business owners and individuals with the use of COVID-19 themes. In particular, Avaddon has a message about a pending legal action taken by the government if the user fails to open the document.
So far, there is a considerable number of victims. There is also a related increase in email phishing attacks used to deliver ransomware to a person or business. Just a few days ago, on July 1, there was a report of a new piece of ransomware attacking macOS users who use popular torrent apps illegally. This ransomware is called EvilQuest. It was first reported by a researcher who works at K7 Lab. As a malware specialist, Dinesh Devadoss identifies new attacks and alerts the public about them in order to mitigate their effects. As always, do not open an email with an attachment if you don't recognize the address.