Researchers from Bitglass, a cloud access security broker have discovered a new strain of ransomware named ShurL0ckr which targets cloud apps such as Google Drive, Microsoft Sharepoint, Skype and Telegram app. And what’s peskier in the discovery is that the ransomware can currently be detected by only 7% of Antivirus engines prevailing in the cyber landscape.
Bitglass researchers claim that cloud services such as Google Drive and Sharepoint have failed to detect the cyber threat which might help the ransomware authors spread ShurL0ckr to other applications on a PC.
When a malware hits a cloud app, there is a high probability that it can spread like fire as soon as it is downloaded or shared by clients.
“Presently, Google and Microsoft have just the ability to scan viruses and malware. But cannot detect or nullify a ransomware attack”, said Salim Hafid, security scientist at Bitglass.
Note- Salim is the same guy who led the research that eventually discovered Shurlocker ransomware. He added in his Twitter statement that the said ransomware is seen targeting only cloud applications, especially those which allow enterprise file sharing.
Another research carried out by Cylance, an American security software company discovered that ShurL0ckr also targets desktop communication apps such as Skype and telegram. As most cloud services providers do not supply advanced malware detection capabilities, ransomware developers have picked up the said stream as a perfect attack vector to infect corporate users on a massive scale.
Cylance claims that over 44% of organizations that were scanned had some form of malware in at least one of their cloud applications, with over 3rd of the corporate apps related to Software-as-a-service containing malware. The company notified that Microsoft OneDrive tops the list with an infection rate of 55% followed by Google Drive at 43% and Dropbox & Box- both balanced at 33%.
