There is a massive ransomware attack targeting Office365 users at the moment. Originating on the 22nd of this month, the attack used phishing emails to distribute the Cerber ransomware, which encrypts users’ files and demands a ransom to decrypt the files.
Cerber was widely distributed after its originator was apparently able to easily confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account.
Microsoft started blocking the ransomware just over 24 hours after the attack was first launched, but in the meantime, researchers estimate that approximately 57 percent of all organizations using Office 365 received at least one email delivering the malware.
Security Awareness Training remains one of the most effective tools organisations have against these types of attacks and is a highly recommended method of improving security.