CyberWisdom Safe Harbor Commentary on Shurl0ckr Zero-day Ransomware:
As businesses have adopted cloud services to increase their productivity and agility, hackers have come to view cloud services as their next major target for distributing malware and stealing sensitive data from businesses and individuals.
Undetected Shurl0ckr zero-day ransomware:
Both Google Drive and Microsoft Office 365 have built-in malware protection, yet both failed to identify a new Gojdue ransomware variant called Shurl0ckr. This zero-day ransomware sidestepped most of the major anti-virus platforms: only 7% of the 67 engines tested detected it.
Researchers at the Bitglass Threat Research team discovered Shurl0ckr while scanning for malware in the cloud. Cylance classifies it as a form of ransomware-as-a-service.
Shurl0ckr works the same way as the Satan ransomware. Hackers create ransomware payloads and distribute them through phishing or drive-by downloads. The malware encrypts files on disk in the background and holds them until the victim pays a bitcoin ransom; the hackers who deploy it pay the author a percentage of the proceeds.
To analyze the proliferation of malware in the cloud, Bitglass Threat Research also scanned tens of millions of files and found high infection rates in cloud applications, including applications with built-in malware protection such as Microsoft Office 365 and Google Drive.
Mike Schuricht, vice president of product management, said: “Malware is always a threat to the enterprise, and cloud applications are an increasingly attractive distribution mechanism. Most cloud providers do not provide any malware protection, and those that do struggle to detect zero-day threats. Only an artificial intelligence-based solution that discovers new malware and ransomware can ensure cloud data security.”
Bitglass Threat Research highlights on the Shurl0ckr zero-day ransomware:
- A new kind of ransomware coming to a cloud near you: the Bitglass Threat Research Group found a new Gojdue ransomware variant on the dark web and used it to test the built-in malware protection of Google Drive and Microsoft Office 365. ShurL0ckr, a ransomware-as-a-service, functions in much the same way as the widely spread Satan ransomware: hackers generate and distribute the ransomware payload, which encrypts files on disk, and pay a percentage of the proceeds to the author.
- Native cloud AV cannot detect zero-day malware: neither Google Drive nor Microsoft SharePoint detected the ShurL0ckr ransomware with its built-in threat engine. When the file was scanned by antivirus engines, only 7% detected the malware; one of them was Cylance, which protects Bitglass customers.
- Malware spreads in the cloud: 44% of the organizations scanned had some form of malware in at least one of their cloud applications.
- Malware does not discriminate, and all SaaS applications suffer: on average, one-third of corporate SaaS application instances contain malware. Among the four major SaaS applications (OneDrive, Google Drive, Box and Dropbox), Microsoft OneDrive has the highest infection rate at 55%. Google Drive had the second highest infection rate with 43% affected, followed by Dropbox and Box at 33%.
- Which file types does malware hide in? Bitglass identified the top five file categories by infection rate. Scripts and executables, which launch malicious applications when clicked (42%), are the most common type of infected file. Microsoft Office files, which most users open without hesitation, are the second most common (21%).
By Anthony Spadafora. As organisations have adopted cloud services to increase their productivity and agility, so too have hackers, who see cloud services as the next big target for distributing malware and stealing sensitive data from businesses and individuals. In its latest research report titled “Malware, P.I., Tracking Cloud Infections”, the cloud access security broker Bitglass has identified a new strain of ransomware that is able to elude detection from a majority of anti-virus (AV) engines and well-known cloud applications including Google Drive and Microsoft Office 365. Working together with the data protection company Cylance, the firm was able to identify a new strain of the Gojdue ransomware on the dark web dubbed ShurL0ckr. This ransomware-as-a-service operates in a similar way to the popular Satan ransomware, and the hackers who deploy it pay a percentage of the funds it collects from victims to its author after creating and distributing a ransomware payload that encrypts users’ files. Both Google Drive and Microsoft Office 365 were unable to identify ShurL0ckr. Bitglass also utilised the service VirusTotal to see if 67 of the top malware engines could detect the new strain of ransomware contained within a file, and only seven percent of the…
thumbnail courtesy of itproportal.com
New Zero-Day Ransomware Evades Microsoft, Google Cloud Malware Detection
Shurl0ckr, a form of Gojdue ransomware, was not detected on SharePoint or Google Drive…
If you would like to receive more of these curated Safe Harbor news alerts, subscribe to my mailing list, and come back soon to https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries.