Zero-Day Ransomware Targets Office 365 Users

Zero-Day Ransomware Targets Office 365 Users
Cerberus, the 3-headed guard dog of Hades.  Image courtesy of

Cerberus, the 3-headed guard dog of Hades. Image courtesy of

A zero-day ransomware virus is currently targeting Microsoft Office 365 users. The virus arrives as an attached .ZIP or .DOTM file. Do not open the attachment as it will activate the virus which encrypts your data then demainds a $500 ransom.

The attachment may be a .DOTM or .ZIP file.  The ZIP file is a compressed file which may contain the .DOTM file. The .DOTM file is a Microsoft Word Macro Template which appears to users as a regular MS Word file. When the Word file is opened, the MS Word application will initially block the macro from running a display a notice "SECURITY WARNING Macros have been disabled" alongside an "Enable Content" button. The criminal includes instructions in the Word document which attempts to lure the user into clicking the "Enable Content" button. Clicking the button will activate the ransomware virus which will encrypt files on the local hard drive and network drives. The ransom to decrypt the files is about $500US.

This ransomware virus is called Cerber.  Cerberus is the monstrous three-headed dog who guards the gates of the underworld of Hades, according to Greek mythology.

User Action

As always, be very suspicious of any email attachment you receive. Do not open any attachment you were not expecting regardless if it from someone you know or not.

If you open the Microsoft Word attachment inadvertently, DO NOT click on the "Enable Content" button.  This will activate the virus.

There is no current method to decrypt the files so data will need to restored from your data backup.  We do not recommend paying the ransom as this just incentives the criminals to continue to make more ransomware viruses.

More information about this virus can be found here.