Microsoft & Google unable to detect new zero-day ransomware


As organisations have adopted cloud services to increase their productivity and agility, so too have hackers, who see cloud services as the next big target for distributing malware and stealing sensitive data from businesses and individuals.

In its latest research report titled “Malware, P.I., Tracking Cloud Infections”, the cloud access security broker Bitglass has identified a new strain of ransomware that is able to elude detection from a majority of anti-virus (AV) engines and well-known cloud applications including Google Drive and Microsoft Office 365.

Working together with the data protection company Cylance, the firm was able to identify a new strain of the Gojdue ransomware on the dark web, dubbed ShurL0ckr. This ransomware-as-a-service operates in a similar way to the popular Satan ransomware: the hackers who deploy it create and distribute a ransomware payload that encrypts users' files, and then pay the author a percentage of the funds collected from victims.

Both Google Drive and Microsoft Office 365 were unable to identify ShurL0ckr. Bitglass also used the VirusTotal service to check whether 67 of the top malware engines could detect the new ransomware strain contained within a file, and only seven percent of the AV engines were able to do so.

Mike Schuricht, VP of Product Management at Bitglass, highlighted how hackers have turned to cloud applications as a new means of distributing malware, saying:

“Malware will always be a threat to the enterprise and cloud applications are an increasingly attractive distribution mechanism. Most cloud providers do not provide any malware protection and those that do struggle to detect zero-day threats. Only an AI-based solution that evolves to detect new malware and ransomware can keep cloud data secure.” 

Staying safe in the cloud is no easy task, and inventive hackers will always find a new way to distribute malware and ransomware. However, now that the ShurL0ckr ransomware has been identified, security firms and cloud providers can better protect their customers from falling victim to it.

Image Credit: Carlos Amarillo / Shutterstock