Ransomware uses malicious macros to infect target systems
A new study reveals that 87 percent of the ransomware found on the dark web can be delivered via malicious macros in order to infect targeted systems.
The research from Venafi, in partnership with criminal intelligence provider, Forensic Pathways, looked at 35 million dark web URLs and forums to uncover a thriving ransomware community with highly damaging macro-enabled strains readily available.
Macros automate common tasks in Microsoft Office and make people more productive, but attackers abuse the same functionality to deliver malware, including ransomware: the VBA code embedded in a document runs once the recipient enables content, and that code can fetch and launch the payload. In February Microsoft announced that VBA macros in Office files obtained from the internet would be blocked by default; it later rolled that change back, then reversed course again and reinstated it.
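Because macro-enabled documents are the delivery vehicle, a mail gateway or endpoint scanner needs to spot them regardless of the file extension an attacker chooses. The following Python script is an added example, not code from the article or from Venafi: it classifies attachment bytes by inspecting the OOXML container (a ZIP whose `[Content_Types].xml` declares a macro-enabled part, or which carries a `vbaProject.bin` stream) and flags legacy OLE binaries for deeper inspection. The two sample documents it checks are constructed inline and are not real Word files; the `POLICY` table and the `triage_attachments` helper are assumptions for the example, and the olevba reference is to the separate oletools project.

```python
import io
import zipfile
from typing import Dict, Tuple

# Legacy binary Office container (.doc/.xls/.ppt); VBA may be inside, but
# reading it needs an OLE parser such as oletools' olevba, so we only flag it.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Content types that only appear in macro-enabled OOXML packages.
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
    "application/vnd.ms-office.vbaProject",
)

# Assumed handling policy for the example; a real gateway would tune this.
POLICY = {
    "ooxml-macro": "block",
    "ole-legacy": "quarantine",  # may hold VBA; needs OLE-level inspection
    "ooxml-clean": "allow",
    "not-office": "allow",
}


def classify_office_blob(data: bytes) -> str:
    """Classify raw bytes as ooxml-macro, ooxml-clean, ole-legacy or not-office.

    The verdict depends only on the content, never on the file name, so a
    renamed .docm is treated the same as one with its true extension.
    """
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"
    if not data.startswith(b"PK\x03\x04"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office"  # a ZIP, but not an Office package
            has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            macro_ct = any(ct in content_types for ct in MACRO_CONTENT_TYPES)
            return "ooxml-macro" if (has_vba or macro_ct) else "ooxml-clean"
    except zipfile.BadZipFile:
        return "not-office"


def triage_attachments(attachments: Dict[str, bytes]) -> Dict[str, Tuple[str, str]]:
    """Map each attachment name to (verdict, action) using POLICY."""
    results = {}
    for name, data in attachments.items():
        verdict = classify_office_blob(data)
        results[name] = (verdict, POLICY[verdict])
    return results


def build_sample(macro: bool) -> bytes:
    """Construct a minimal OOXML package for testing (not a real Word file)."""
    if macro:
        main_ct = "application/vnd.ms-word.document.macroEnabled.main+xml"
    else:
        main_ct = ("application/vnd.openxmlformats-officedocument"
                   ".wordprocessingml.document.main+xml")
    content_types = (
        '<?xml version="1.0"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        '</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            # Placeholder stream standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"\x00placeholder-vba-stream")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample inbox: the macro document is deliberately renamed .docx.
    inbox = {
        "invoice.docx": build_sample(macro=True),
        "minutes.docx": build_sample(macro=False),
        "old-report.doc": OLE_MAGIC + b"\x00" * 24,
        "notes.txt": b"plain text, nothing to see",
    }
    for name, (verdict, action) in triage_attachments(inbox).items():
        print(f"{name:16} {verdict:12} -> {action}")
```

The check keys off the package contents rather than the extension, which is the point: the attacker controls the file name, not the content type the parser sees.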
"Given that almost anyone can launch a ransomware attack using a malicious macro, Microsoft's indecision around disabling of macros should scare everyone," says Kevin Bocek, vice president of security strategy and threat intelligence for Venafi. "While the company has switched course a second time on disabling macros, the fact that there was backlash from the user community suggests that macros could persist as a ripe attack vector."
The study also uncovered 475 webpages of sophisticated ransomware products and services, with several high-profile groups aggressively marketing ransomware-as-a-service, and identified 30 different 'brands' of ransomware across marketplace listings and forum discussions.
Strains that have been used in high-profile attacks command a higher price for associated services. For example, the most expensive listing was $1,262 for a customized version of the Darkside ransomware, which was used in the Colonial Pipeline attack of 2021.
There is also a wide range of services and tools that make it easier for attackers with minimal technical skills to launch ransomware attacks. Services with the greatest number of listings include those offering source code, build services, custom development services and ransomware packages that include step-by-step tutorials.
"Ransomware continues to be one of the biggest cybersecurity risks in every organization," adds Bocek. "The ransomware attack on Colonial Pipeline was so severe that it was deemed a national security threat, forcing President Biden to declare a state of emergency."
You can find out more on the Venafi blog.