microsoft office (2)

12924237658?profile=RESIZE_400xThe first sample of RomCom ransomware was observed in early July 2023 on a publicly available file scanning site, about the same time as the first victim posted on its data leak site on 13 July 2023. Like most ransomware, this ransomware encrypts files on victims' Windows machines and demands a ransom to decrypt them via dropped ransom notes.

Infection Vector - Online reports indicate that the Russia-based RomCom group, or Storm-0978, is deploying the Underground ransomware.  This threat group i

11028928884?profile=RESIZE_400xIn early February of 2022, Microsoft announced that Internet Macros would be blocked by default to improve the security of Microsoft Office.  According to their blog published in late Feb 2023, this change began rolling out in some update channels in April 2022. Other channels followed in July and October 2022, with the final rollout in January 2023.[1]

Office uses a specific algorithm to determine whether to run macros in files from the Internet.  The process starts by checking the file attribu