Data Breach Report

RansomCloud

New ransomware on the horizon looks to attack your cloud platforms: RansomCloud - What to Do Next

Ransomware is now one of the biggest software security threats out there. Its rise as the cybercriminals' malware of choice was meteoric: the number of ransomware victims increased 250 percent in 2017, following a shocking 550 percent increase in 2016. That is why a good backup strategy is key to protecting your business and personal data.

One thing about ransomware that's so appealing to cybercriminals, aside from its profitability, is its adaptability. It's constantly evolving, as cybercriminals change their code to suit their needs and to elude security software.

We typically think that ransomware only attacks local computer files like your documents, photos, and email archives. Cloud email services should be immune, right? Think again! This newly developed ransomware strain might change everything you know about this costly threat.

RansomCloud: Ransomware that encrypts your cloud email

A new ransomware strain dubbed "ransomcloud" has been developed, and it can encrypt online email accounts like Office 365 and Gmail in real time. Why is this significant? Because it means even your online email accounts are now in danger of being locked by cybercriminals.

The new ransomware strain was reportedly developed by a white hat hacker associate of Kevin Mitnick, Chief Hacking Officer of cybersecurity company KnowBe4.

Similar to other methods of ransomware infections, cybercriminals can trick victims into installing the malicious software with phishing scams loaded with poisoned attachments or links.

In one demonstration, the attackers used a phishing email disguised as a new anti-spam service from Microsoft called "AntiSpam PRO."

As soon as the victim clicks the link and accepts the "service" by logging into their cloud email account and granting the fake app the permissions it asks for, the app encrypts all of the victim's online emails and attachments in real time! Quite scary, indeed.



This attack will likely work with any cloud email service, such as Gmail and Outlook365, that lets third-party apps control the account through an authorization system called OAuth.

Thankfully, this is just a proof-of-concept attack for now, and this scary ransomware strain is not out in the wild yet. This means that so far, there's no evidence that the bad guys are publicly exploiting it.

However, KnowBe4 warns that cloud email attacks like this are now imminent since there's proof that it can be done. This strain may have been developed and demonstrated by a white hat hacker (the good guys), but this means that black hat hackers (the bad guys) can do it too.

What you should do now

As you can see, ransomware is constantly evolving and cybercriminals can find new ways to be a step ahead and attack even your online email accounts.

Since the "ransomcloud" demo shows that this strain can be spread via phishing scams, here are basic tips to protect yourself against such attacks:

Be cautious with links - If you get an email or notification that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.

Beware of granting permissions - Cybercriminals always abuse our trust in apps. They will always try their best to trick you into granting them access via deception and social engineering tricks. Always review what permissions an app is asking for and always scrutinize

Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Typically, there are signs that give away the fact that an email is fake. Can you spot one? Would you like to test your business? We can provide an anonymous test to see how many of your employees fall victim. Contact us through our form or, for current 7th Di customers, submit a request through our ticketing portal.

Use multi-level authentication - When available, you should be using multi-level authentication. This is when you have at least two forms of verification, such as a password and a security question before you log into any sensitive accounts.
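To make the "Beware of granting permissions" tip and the OAuth point above concrete, here is an added example (not from the original article or from KnowBe4): a Python script that triages an exported list of OAuth grants and flags apps that are able to modify a mailbox. The record fields, app IDs and sample grants are constructed assumptions; the scope names are Microsoft Graph and Gmail API scopes.

```python
# Added example: triage exported OAuth grants for mailbox-write access.
# Record fields and sample records are a hypothetical, constructed export format.

# Delegated scopes that let an app change or delete mail (Microsoft Graph and
# Gmail API scope names; grouping them as "mail write" is this example's choice).
MAIL_WRITE_SCOPES = {
    "mail.readwrite", "mail.readwrite.shared",
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
}
LONG_LIVED_SCOPES = {"offline_access"}  # refresh token issued to the app

def parse_scopes(scope_string):
    """Split a space-delimited OAuth scope string into a lowercase set."""
    return {s.lower() for s in scope_string.split()}

def assess_grant(grant, approved_app_ids):
    """Return (severity, reasons) for one grant record."""
    scopes = parse_scopes(grant["scopes"])
    write = sorted(scopes & MAIL_WRITE_SCOPES)
    if not write:
        return "ok", []
    reasons = ["can modify mailbox: " + ", ".join(write)]
    if grant["app_id"] in approved_app_ids:
        return "review", reasons + ["app is on the approved list"]
    if not grant.get("publisher_verified", False):
        reasons.append("publisher not verified")
    if scopes & LONG_LIVED_SCOPES:
        reasons.append("offline_access: long-lived refresh token")
    return "high", reasons

def audit(grants, approved_app_ids=frozenset()):
    """Return findings for every grant that is not 'ok', high severity first."""
    findings = []
    for g in grants:
        severity, reasons = assess_grant(g, approved_app_ids)
        if severity != "ok":
            findings.append({"user": g["user"], "app": g["app_name"],
                             "severity": severity, "reasons": reasons})
    return sorted(findings, key=lambda f: f["severity"] != "high")

SAMPLE_GRANTS = [  # constructed records
    {"app_id": "app-0001", "app_name": "AntiSpam PRO", "user": "alice@example.com",
     "scopes": "openid offline_access Mail.ReadWrite", "publisher_verified": False},
    {"app_id": "app-0002", "app_name": "Calendar Sync", "user": "bob@example.com",
     "scopes": "openid Calendars.Read", "publisher_verified": True},
    {"app_id": "app-0003", "app_name": "Helpdesk Mailer", "user": "carol@example.com",
     "scopes": "https://www.googleapis.com/auth/gmail.modify", "publisher_verified": True},
]
```

Calling `audit(SAMPLE_GRANTS, approved_app_ids={"app-0003"})` puts the unverified "AntiSpam PRO" grant first as high severity and leaves the approved mailer as a review item.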
