TLDR:
- Russian group RomCom, known as Storm-0978, is exploiting a zero-day vulnerability in Microsoft Office to distribute ransomware.
- The ransomware encrypts files on Windows computers and demands a fee for decryption.
The Russian group RomCom, also known as Storm-0978, is using a zero-day vulnerability in Microsoft Office to distribute ransomware. The ransomware encrypts files on victims' Windows computers and then drops ransom notes demanding payment for decryption. The campaign exploits CVE-2023-36884 through specially crafted Microsoft Office documents delivered via phishing. The ransomware removes shadow copies and terminates MS SQL Server, and stolen victim data is published on a data leak website. Victims span various industries in multiple countries, and the group also operates a Telegram channel for communication. Organizations should keep their AV and IPS signatures up to date to reduce the risk of disruption and data breaches.
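The two host-level behaviours named above (shadow-copy removal and stopping MS SQL Server) are what a defender can actually hunt for in process-creation telemetry. The following is an added detection example, not code from the report or from any vendor: it parses constructed Sysmon-style process-creation records, flags command lines matching either behaviour, and escalates when the same parent process does both, which is a far stronger ransomware-precursor signal than either hit alone. The log format, the sample lines and the specific commands matched (`vssadmin delete shadows`, `wmic shadowcopy delete`, `net stop MSSQL...`) are assumptions; the report names the behaviours, not the binaries the malware used.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style process-creation records (Event ID 1), one set of
# key=value pairs per line. Sample data only: hosts, paths and command lines are
# made up for this example and are not indicators from the report.
SAMPLE_LOG = """\
EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine="vssadmin delete shadows /all /quiet" ParentImage=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe
EventID=1 Image=C:\\Windows\\System32\\net.exe CommandLine="net stop MSSQLSERVER /y" ParentImage=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe
EventID=1 Image=C:\\Windows\\System32\\wbem\\WMIC.exe CommandLine="wmic shadowcopy delete" ParentImage=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe
EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine="vssadmin list shadows" ParentImage=C:\\Windows\\System32\\cmd.exe
EventID=1 Image=C:\\Windows\\System32\\net.exe CommandLine="net stop Spooler" ParentImage=C:\\Windows\\System32\\cmd.exe
"""

# Command patterns commonly associated with the two behaviours the report describes.
# The exact commands are an assumption: the report names the behaviours, not the tools.
RULES = [
    ("shadow_copy_deletion", re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)),
    ("shadow_copy_deletion", re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("sql_service_stop", re.compile(r'\b(?:net|sc)(?:\.exe)?\s+stop\s+"?MSSQL', re.I)),
]

# key=value tokens; a quoted value may contain spaces, an unquoted one may not.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value record into a dict of string fields."""
    return {key: (quoted or bare) for key, quoted, bare in KV_RE.findall(line)}


def match_rules(event):
    """Return the sorted names of every rule whose pattern matches the command line."""
    cmd = event.get("CommandLine", "")
    return sorted({name for name, pattern in RULES if pattern.search(cmd)})


def analyze(log_text):
    """Score each process-creation record and correlate hits by parent process.

    Returns (alerts, escalations). alerts is a list of (rule, parent_image,
    command_line) in log order; escalations lists parent images that triggered
    BOTH behaviour classes, i.e. one process that deleted shadow copies and
    stopped SQL Server, which is the combination worth paging on.
    """
    alerts = []
    rules_by_parent = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event.get("EventID") != "1":  # only process-creation records
            continue
        parent = event.get("ParentImage", "<unknown>")
        for rule in match_rules(event):
            alerts.append((rule, parent, event.get("CommandLine", "")))
            rules_by_parent[parent].add(rule)
    both = {"shadow_copy_deletion", "sql_service_stop"}
    escalations = sorted(p for p, hits in rules_by_parent.items() if both <= hits)
    return alerts, escalations


if __name__ == "__main__":
    found, escalated = analyze(SAMPLE_LOG)
    for rule, parent, cmd in found:
        print(f"[{rule}] parent={parent} cmd={cmd}")
    for parent in escalated:
        print(f"ESCALATE: {parent} removed shadow copies AND stopped SQL Server")
```

Benign administration (the `vssadmin list shadows` and `net stop Spooler` lines) produces no hit, and a single shadow-copy deletion from a known backup tool would produce one alert but no escalation; the correlation on the parent process is what separates routine maintenance from the pre-encryption sequence the report describes.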