Avaddon ransomware is being distributed through malicious e-mails that abuse Excel 4.0 macros: the e-mails carry attachments that deploy the attack when opened in any version of Excel.
Avaddon ransomware reportedly emerged in early June through a massive spam campaign that targeted its victims at random. Some patterns seem to indicate that the ransomware mostly targets Italian users.
However, BleepingComputer has reported that the attackers behind the ransomware are recruiting “affiliates” to spread the payload. According to its analysis, Avaddon’s average ransom amount is around $900, paid in cryptocurrency.
Excel 4.0 macros are being exploited by the Avaddon ransomware https://t.co/H3ucicky8n — Cointelegraph (@Cointelegraph) July 3, 2020
Analysis of the campaign shows that the attack commonly impersonates officials from Italy’s Labor Inspectorate. Messages alert small businesses to alleged work violations during “a period of crisis,” referring to the COVID-19 pandemic.
Microsoft said on its Twitter profile:
“While an old technique, malicious Excel 4.0 macros started gaining popularity in malware campaigns in recent months. The technique has been adopted by numerous campaigns, including ones that used COVID-19 themed lures.”
Avaddon’s messages warn of pending legal action that will be taken if the user does not open the malicious document.