Unusual Ransomware Strain Encrypts Cloud Email In Real-Time
By Roger Murray | January 16th, 2018
A white hat hacker recently developed a working “ransomcloud” strain that encrypts cloud email accounts like Office 365 in real-time. That is a scary thought when so many organizations trust the cloud and software manufacturers like Microsoft to keep their information secure. KnowBe4’s Chief Hacking Officer Kevin Mitnick has produced a live demo, below, that shows the ransomware at work.
According to Kevin, the proof of concept has been around for a while, and this kind of attack is on the horizon, because if a white hat can create it, so can a black hat. This strain uses a smart social engineering tactic to trick the user into giving the bad guys access to their cloud email account, with the appearance of a “new Microsoft anti-spam service”. Once the user clicks “accept”, all email and attachments are encrypted in real-time! The ransomcloud attack will work for any cloud email provider that allows an application to be given control over the email via OAuth. With Google it will work if the app passes their verification process. Outlook 365 doesn’t verify the app at this point, which makes Microsoft users much more vulnerable to this type of attack.
Watch the Demo Here:
Kevin’s recommendation near the end of the video, “Stop, Look, & Think before you click on any link in an email that could potentially give the bad guys access to your data”, is now truer than ever.
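One way a defender can audit for the kind of OAuth consent grant described above, as an added example that is not from the original post or from KnowBe4: it scans records shaped like Microsoft Graph `oauth2PermissionGrant` and `servicePrincipal` objects and flags apps that hold mail write scopes without a verified publisher. The sample records, the `RISKY_SCOPES` set, the function names and the availability of publisher-verification data are assumptions.

```python
# Added example. All records below are constructed; field names follow
# Microsoft Graph oauth2PermissionGrant and servicePrincipal objects.
RISKY_SCOPES = {"mail.readwrite", "mail.readwrite.shared"}  # assumption: scopes that let an app rewrite mail

SERVICE_PRINCIPALS = [
    {"id": "sp-001", "displayName": "Contoso CRM Sync",
     "verifiedPublisher": {"displayName": "Contoso Ltd", "verifiedPublisherId": "1234567"}},
    {"id": "sp-002", "displayName": "Anti-Spam Service Upgrade",
     "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None}},
    {"id": "sp-003", "displayName": "Calendar Helper", "verifiedPublisher": None},
]

GRANTS = [
    {"clientId": "sp-001", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Mail.ReadWrite"},
    {"clientId": "sp-002", "consentType": "Principal", "principalId": "user-42",
     "scope": "openid offline_access Mail.ReadWrite"},
    {"clientId": "sp-003", "consentType": "Principal", "principalId": "user-7",
     "scope": "Calendars.Read User.Read"},
]

def is_verified(sp):
    """True only when the service principal carries a verified publisher id."""
    vp = sp.get("verifiedPublisher") or {}
    return bool(vp.get("verifiedPublisherId"))

def flag_risky_grants(grants, service_principals):
    """Return delegated grants with mail write scopes held by unverified apps."""
    by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        hit = sorted(scopes & RISKY_SCOPES)
        if not hit:
            continue
        sp = by_id.get(g["clientId"])
        if sp is not None and is_verified(sp):
            continue  # an unknown client id falls through and is treated as unverified
        findings.append({
            "app": sp["displayName"] if sp else g["clientId"],
            "user": g.get("principalId") or "(tenant-wide)",
            "scopes": hit,
            "persistent": "offline_access" in scopes,  # refresh token outlives the session
        })
    return findings

if __name__ == "__main__":
    for finding in flag_risky_grants(GRANTS, SERVICE_PRINCIPALS):
        print(finding)
```

A finding marked `persistent` means the app keeps access after the user's session ends, so the grant itself has to be revoked.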