Steven Toole, a researcher for the cloud-security firm Avanan, blogged that his company saw the first attack roll in at 6:44 a.m. on June 22 and that at least 57 percent of all Office 365 customers received at least one phishing attempt that contained the infected attachment.
The files included a ransom note and an audio warning informing victims that their files were encrypted.
Toole said it took Microsoft more than 24 hours to detect the attack and start blocking the attachment. The attacker asked for a ransom totalling 1.4 bitcoin, or about $US500, for the decryption key.
He added that the attack was a variation of a virus originally detected on network mail servers in early March of this year.
This time Cerber was widely distributed after its originator was apparently able to confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account.”