A cloud ransomware threat was recently discovered by Proofpoint. This cloud ransomware threat targets both Microsoft OneDrive and Microsoft SharePoint. Proofpoint, performing regular cybersecurity research, found this vulnerability and reported on it. This particular threat will encrypt your data stored in the cloud, while minimizing your chances to recover it from previously saved versions.
In this case, a cyber criminal will gain access to your account, typically through social engineering. Once they have access, they have control over all of your files in OneDrive or SharePoint. They will then change the amount of versions saved to your cloud drive. For example, the cybercriminal can change the amount of versions saved to “1” or to whatever selected number they desire. They will then encrypt your data more times than you have versions available. This means, you cannot recover from a previous version, as all previous versions are now encrypted.
What you can do
One of the best things you can do is in your Office365 admin account, enable multifactor authentication for all of your users. Multifactor is one of the best tools to minimize unauthorized account access, even when successfully phished. The hacker may have your username and password, but they lack the additional credential required to access the account.
It is also recommended to increase the amount of versions your documents can have, in an effort to minimize the likelihood of encrypting all versions. You should also revoke any suspicious third party apps from having access to your Office 365 accounts. Lastly, look for any suspicious activity by your users.
With more small businesses moving to the cloud, cybercriminals will continue to look for new ways to attack your business data, even if it is saved “safely” in the cloud. It is important to remember that just because it is in the cloud, does not mean there are no cybersecurity concerns.
For more on cybersecurity threats to your small business check out Small Business, Big Threat!