Microsoft Alerts: Avaddon Ransomware Exploits Excel 4.0 Macros in Phishing Campaigns
Microsoft Security Intelligence has issued an urgent alert about a new wave of Avaddon ransomware attacks. The ransomware uses Excel 4.0 macros in malicious emails to compromise victims’ systems. This sophisticated campaign primarily targets users in Italy, leveraging fear-inducing messages tied to COVID-19 to lure victims.
How Avaddon Ransomware Operates
The ransomware emerged in June 2024, delivered through massive spam email campaigns. Here’s a breakdown of how it works:
1. Malicious Email Lures
- The emails impersonate officials from Italy’s Labor Inspectorate.
- Victims are accused of workplace violations during the COVID-19 crisis.
- Messages warn of legal action if recipients fail to open the attached Excel document.
2. Exploiting Excel 4.0 Macros
- Attachments contain Excel 4.0 macros—a technique gaining popularity in malware campaigns.
- When the file is opened, macros execute malicious scripts, enabling ransomware installation.
3. Ransom Demands
- Victims’ data is encrypted, and attackers demand an average ransom of $900 in cryptocurrency, according to BleepingComputer.
Why Excel 4.0 Macros Are Dangerous
Although Excel 4.0 macros are an older feature, attackers increasingly favor them. They take advantage of:
- Compatibility with all Excel versions, which makes malicious scripts harder to detect.
- A lack of the modern security features that apply to VBA macros.
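Excel 4.0 macros are stored in dedicated macro sheets rather than in a VBA project, so an attachment can be triaged by listing its macro sheets and their visibility. The following is an added example, not code from Microsoft or from the original article. It assumes an OOXML workbook (a zip container such as .xlsm), and the names `find_macro_sheets`, `build_sample` and `MAX_PART` are hypothetical.

```python
# Added example: names are illustrative; the sample workbook is constructed.
import io
import zipfile
import xml.etree.ElementTree as ET

MAIN = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
DOCREL = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}"
PKGREL = "{http://schemas.openxmlformats.org/package/2006/relationships}"
MAX_PART = 5 * 1024 * 1024  # assumed cap so an oversized part is refused, not inflated

def _xml(z, name):
    if z.getinfo(name).file_size > MAX_PART:
        raise ValueError(f"{name} is larger than {MAX_PART} bytes")
    return ET.fromstring(z.read(name))

def find_macro_sheets(data):
    """List Excel 4.0 (XLM) macro sheets in an OOXML workbook given as bytes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not a zip container; legacy .xls needs a BIFF parser")
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        # Relationship ids whose type is xlMacrosheet or xlIntlMacrosheet.
        macro = {r.get("Id"): r.get("Target")
                 for r in _xml(z, "xl/_rels/workbook.xml.rels").iter(PKGREL + "Relationship")
                 if r.get("Type", "").lower().endswith("macrosheet")}
        sheets = list(_xml(z, "xl/workbook.xml").iter(MAIN + "sheet"))
    # A hidden or veryHidden macro sheet is the pattern worth escalating.
    return [{"name": s.get("name"), "state": s.get("state", "visible"),
             "part": macro[s.get(DOCREL + "id")]}
            for s in sheets if s.get(DOCREL + "id") in macro]

def build_sample():
    """Constructed minimal package: one worksheet and one veryHidden macro sheet."""
    rels = (f'<Relationships xmlns="{PKGREL[1:-1]}">'
            f'<Relationship Id="rId1" Type="{DOCREL[1:-1]}/worksheet" Target="worksheets/sheet1.xml"/>'
            '<Relationship Id="rId2" Target="macrosheets/sheet1.xml" '
            'Type="http://schemas.microsoft.com/office/2006/relationships/xlMacrosheet"/>'
            '</Relationships>')
    book = (f'<workbook xmlns="{MAIN[1:-1]}" xmlns:r="{DOCREL[1:-1]}"><sheets>'
            '<sheet name="Documento" sheetId="1" r:id="rId1"/>'
            '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
            '</sheets></workbook>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/_rels/workbook.xml.rels", rels)
        z.writestr("xl/workbook.xml", book)
    return buf.getvalue()

if __name__ == "__main__":
    print(find_macro_sheets(build_sample()))
```

For legacy .xls attachments the same sheet type and visibility information sits in the BIFF BOUNDSHEET records, which this example does not parse.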
Target Audience: Small Businesses in Italy
Reports suggest Avaddon primarily targets Italian users, especially small businesses. This demographic is particularly vulnerable due to:
- Limited cybersecurity awareness.
- A higher likelihood of falling for official-looking correspondence.
Growing Threat of Email-Based Phishing
Proofpoint, a cybersecurity firm, has noted a significant rise in phishing campaigns used to deliver ransomware. Avaddon’s campaign exemplifies this trend by exploiting current events like the COVID-19 pandemic to deceive users.
Microsoft’s Warning:
“While an old technique, malicious Excel 4.0 macros started gaining popularity in malware campaigns in recent months. The technique has been adopted by numerous campaigns, including ones that used COVID-19-themed lures.”
How to Stay Protected
Follow these steps to guard against ransomware like Avaddon:
1. Avoid Opening Unknown Attachments
- Be cautious with email attachments, especially those claiming legal or urgent issues.
- Verify the sender’s authenticity before opening any files.
2. Disable Macros in Excel
- Go to File > Options > Trust Center > Trust Center Settings > Macro Settings and select “Disable all macros.”
3. Use Robust Cybersecurity Solutions
- Deploy anti-malware software capable of detecting and blocking malicious macros.
4. Back Up Critical Data
- Regularly back up your data to prevent total loss in case of an attack.
5. Educate Employees
- Train staff to identify phishing emails and understand the risks of ransomware.
Conclusion
The Avaddon ransomware campaign highlights the growing sophistication of cyberattacks, using old techniques like Excel 4.0 macros in new and devastating ways. Protecting yourself involves a mix of vigilance, updated software, and robust cybersecurity practices.
Stay informed and proactive to keep your systems safe from evolving threats like Avaddon.