
Microsoft & Google unable to detect new zero-day ransomware

(Image credit: Shutterstock/Carlos Amarillo)

As organisations have adopted cloud services to increase their productivity and agility, so too have hackers, who see cloud services as the next big target for distributing malware and stealing sensitive data from businesses and individuals.

In its latest research report, titled “Malware, P.I., Tracking Cloud Infections”, the cloud access security broker Bitglass has identified a new strain of ransomware that is able to elude detection by a majority of anti-virus (AV) engines and well-known cloud applications, including Google Drive and Microsoft Office 365.

Working together with the data protection company Cylance, the firm was able to identify a new strain of the Gojdue ransomware, dubbed ShurL0ckr, on the dark web. This ransomware-as-a-service operates in a similar way to the popular Satan ransomware: the hackers who deploy it create and distribute a ransomware payload that encrypts users' files, then pay a percentage of the funds it collects from victims to its author.

Both Google Drive and Microsoft Office 365 were unable to identify ShurL0ckr. Bitglass also utilised the service VirusTotal to see if 67 of the top malware engines could detect the new ransomware strain contained within a file, and only seven percent of the AV engines were able to do so.

Mike Schuricht, VP of Product Management at Bitglass, highlighted how hackers have turned to cloud applications as a new means of distributing malware, saying:

“Malware will always be a threat to the enterprise and cloud applications are an increasingly attractive distribution mechanism. Most cloud providers do not provide any malware protection and those that do struggle to detect zero-day threats. Only an AI-based solution that evolves to detect new malware and ransomware can keep cloud data secure.” 

Staying safe in the cloud is no easy task, and inventive hackers will always find a new way to distribute malware and ransomware. However, now that the ShurL0ckr ransomware has been identified, security firms and cloud providers can better protect their customers from falling victim to it.


Anthony Spadafora

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.