February 9, 2018 by

Google, Microsoft Fail to Detect New ShurLOckr Ransomware Strain

Security researchers have discovered a new strain of Godjue ransomware, dubbed ShurLOckr, that eludes the built-in malware protection of Microsoft Office 365 and Google Drive, two major cloud platforms.

Researchers at Bitglass have unveiled details of ShurLOckr, a new ransomware-as-a-service strain that operates in the same vein as the ‘Satan ransomware’ strain: hackers pay a percentage to the ransomware author after a payload that encrypts files on a disk is generated and distributed.

While ShurLOckr doesn’t deploy any unusually advanced evasion or obfuscation techniques, the “idea of targeting cloud applications (specifically enterprise file sharing)” makes the ransomware strain an infection that spreads successfully, revealed SoleBIT Labs co-founder Meni Farjon.

Remarkably, the ransomware went undetected by Google Drive and Microsoft Office 365, two hugely popular cloud platforms with built-in malware protection. Further, only seven percent of an estimated 67 antivirus engines detected the ransomware upon scrutiny.

“To analyze the proliferation of malware in the cloud, the Bitglass Threat Research Team also scanned tens of millions of files, discovering a high rate of infection in cloud applications and a low efficacy rate for apps with built-in malware protection like Microsoft Office 365 and Google Drive,” researchers added.

Additionally, the research revealed that 44% of companies that kept their files in the cloud had at least one malware-infected file or application there. Staggeringly, SaaS (software as a service) applications were affected at a more pronounced rate of one in three.

The average company stores 450,000 files in the cloud, of which one in every 20,000 is infected with malware.

The most commonly infected types of files in the cloud, as revealed by the researchers, are:

  1. Script and executable files – 42%
  2. MS Office documents – 21%
  3. Text, picture, and other files – 19%
  4. Windows system files – 10%
  5. Compressed files – 8%


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
