Many state sponsored APTs are exploiting the 4 vulnerabilities, despite Microsoft patched them, to attack servers in USA, Europe, Asia and Middle East.
The cyber security experts built and spread a free drecryptor through the NoMoreRansom project. The malware could destroy some data irreversibly on purpose.
Organizations targeted in Austria, Belgium, Czech Republic, Denmark, France, UK, Germany, Italy, Netherlands, Spain, and U.S.. The attachments start the malware infection chain.
The malware infection chain is activated by the xls attachments. It contacts a link that downloads a PNG picture. This one is renamed as .exe and then executed.
Bleeping Computer cyber security experts: It exploit the double extortion scheme. Hhackers also steal unencrypted files and threaten victims to publish them on a data leak site.