A new type of ransomware is coming for cloud email inboxes. While this particular strain was developed by white hat hackers and hasn't been seen in the wild yet, it's a wake-up call for those who use cloud-based email services like Gmail or Exchange. According to KnowBe4, this kind of ransomware relies on social engineering to deceive users into giving hackers access to their email account.
What To Look For
The method starts by sending a branded email that promises a Microsoft anti-spam service. When the user clicks on the email to install the service, they instead receive a ransomware payload that encrypts all of their emails and attachments in real time.
This attack, called "ransomcloud" will work for any cloud email provider that allows a third-party application control over the email via OAuth. With Google, this will work if you get the app past their verification process. Office 365 doesn't verify the app at this point, so it makes an attack like this much easier.
What To Do
As always, it's important to educate your users to double and triple check any attachments or links before they click on them. If it seems suspicious, tell users to err on the safe side and send it to the IT department for help or delete the email.
For more tips on how to spot a phishing email and avoid falling victim to these common attacks, please view Phishing Attacks: How To Identify & Avoid Them and Social Engineering Red Flags. Should the worst case scenario occur, a full back-up of your environment is necessary to avoid costly business downtime. Learn how Cloud Protect for Office 365 or G Suite can help get you back to business fast after a ransomware attack in the cloud.
Sources:
