Security researchers have discovered a new strain of Gojdue ransomware, dubbed ShurL0ckr, that eludes the built-in malware protection of Microsoft Office 365 and Google Drive, two major cloud platforms.
Researchers at Bitglass have unveiled details of ShurL0ckr, a ransomware-as-a-service that operates in the same vein as the ‘Satan’ ransomware strain: hackers pay a percentage to the ransomware author after a payload that encrypts files on disk is generated and distributed.
While ShurL0ckr doesn’t deploy any unusually advanced evasion or obfuscation techniques, the “idea of targeting cloud applications (specifically enterprise file sharing)” makes the ransomware strain an infection that spreads successfully, said SoleBIT Labs co-founder Meni Farjon.
Remarkably, the ransomware went undetected by Google Drive and Microsoft Office 365, two hugely popular cloud platforms with built-in malware protection. Further, only seven percent of an estimated 67 antivirus engines detected the ransomware upon scrutiny.
“To analyze the proliferation of malware in the cloud, the Bitglass Threat Research Team also scanned tens of millions of files, discovering a high rate of infection in cloud applications and a low efficacy rate for apps with built-in malware protection like Microsoft Office 365 and Google Drive,” researchers added.
Additionally, the research revealed that 44% of companies that kept their files in the cloud had at least one malware-infected file or application there. Staggeringly, SaaS (software as a service) applications were affected at a more pronounced rate of one in three.
On average, a company stores 450,000 files in the cloud, and one in every 20,000 of those files is infected with malware.
The most commonly infected types of files in the cloud, as revealed by the researchers, are:
- Script and executable files – 42%
- MS Office documents – 21%
- Text, picture, and other files – 19%
- Windows system files – 10%
- Compressed files – 8%