Ransomcloud: Ransomware Hits Office 365
Ransomware is a frightening form of malware. It can encrypt all your files and even your backups, making them useless. To get them back, you have to pay the people who put the ransomware on your machine, and even that may not help. Cloud backup protects against ransomware by putting your files where the attacker can't touch them. But what if ransomware could hit your cloud storage? It could happen. A proof of concept called Ransomcloud has shown it's possible.
Delivery by deception
Kevin Mitnick, a computer hacker and consultant who has worn both white hats and black ones over the years, shows in a YouTube demonstration how Ransomcloud works. It's disturbingly simple. No esoteric technological tricks are necessary to put it into operation. It depends only on users who are fooled too easily. The demo works with Office 365 email, but variations on the technique can work with many cloud services and many kinds of data.
The first step, as with many forms of malware, is an official-looking email message. It claims to be from Microsoft and says that if you click on the provided link, your anti-spam service will be updated and give you better protection. Supposedly.
When you click, Ransomcloud will prompt you to choose your account and authorize the application. It wants permission to sign in on your account, access all your data, read your contacts and calendars, send mail, and read and write your email. Once you grant it, the rest happens in seconds. You can see the subject lines on your mail change to tell you they've been encrypted. Open a message, and you'll see a meaningless jumble of text.
There's one new message, which isn't encrypted. It tells you what happened to your other messages and gives you instructions for making payment and getting the key to restore them. If you don't pay, everything in your inbox is gone.
The Ransomcloud demo doesn't involve paying any actual ransom. Mitnick has the decryption key, so he immediately demonstrates using it to restore the messages to their original state. If it were real ransomware, the victim would have to make a payment in Bitcoin, perhaps a few thousand dollars. Tracing the recipient is impossible.
Why it works
Technically, there's nothing very sophisticated about this scheme. It's just asking you for the keys to the front door. What it does once you hand them over is an easy task for any good Office 365 application programmer. Antivirus software won't stop it, since it's an authorized application.
You might think that you wouldn't be fooled by such a message, but you only have to be tricked once. The demo message was a simple one, but criminals know how to create convincing messages that will sneak past your guard. You do have to authorize the application, but people are used to giving all kinds of permission to apps, thanks to their smartphones. A real anti-spam application would need to read and write your mail. Some people are bound to be fooled.
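An added example, not part of the original article or of the Ransomcloud demo: a defender-side audit that flags application authorizations of the kind described above. It assumes grant records exported in the shape of Microsoft Graph's oauth2PermissionGrants entries; the mapping from the consent prompt's wording to scope names, the function names `assess` and `audit`, and all sample records are assumptions made for illustration.

```python
import json
# Delegated Microsoft Graph scopes; mapping the consent prompt described in
# the article to these names is an assumption of this example.
MAIL_WRITE = {"Mail.ReadWrite", "Mail.ReadWrite.Shared"}
MAIL_SEND = {"Mail.Send", "Mail.Send.Shared"}
PERSISTENT = {"offline_access"}

# Constructed sample records (not real tenant data), shaped like entries of
# the Graph oauth2PermissionGrants collection.
SAMPLE_GRANTS = json.loads("""[
 {"clientId": "app-0001", "consentType": "Principal", "principalId": "user-a",
  "scope": "openid offline_access Mail.ReadWrite Mail.Send Contacts.Read Calendars.Read"},
 {"clientId": "app-0002", "consentType": "Principal", "principalId": "user-b",
  "scope": "User.Read Calendars.Read"},
 {"clientId": "app-0003", "consentType": "AllPrincipals", "principalId": null,
  "scope": "User.Read Mail.ReadWrite"},
 {"clientId": "app-0001", "consentType": "Principal", "principalId": "user-c",
  "scope": " Mail.ReadWrite  offline_access "}
]""")

def assess(grant):
    """Return (severity, reasons) for one delegated permission grant."""
    scopes = set((grant.get("scope") or "").split())
    reasons = []
    if scopes & MAIL_WRITE:
        reasons.append("can rewrite or delete mailbox contents")
    if scopes & MAIL_SEND:
        reasons.append("can send mail as the user")
    if reasons and scopes & PERSISTENT:
        reasons.append("can refresh access without the user present")
    if not reasons:
        return "ok", []
    # One user granting mail write access is the article's pattern: rank it first.
    by_user = grant.get("consentType") == "Principal"
    return ("high" if by_user and scopes & MAIL_WRITE else "review"), reasons

def audit(grants):
    findings = []
    for g in grants:
        severity, reasons = assess(g)
        if severity != "ok":
            findings.append({"app": g.get("clientId"), "severity": severity,
                             "user": g.get("principalId") or "ALL USERS",
                             "reasons": reasons})
    return sorted(findings, key=lambda f: f["severity"] != "high")

if __name__ == "__main__":
    for f in audit(SAMPLE_GRANTS):
        print(f["severity"], f["app"], f["user"], "; ".join(f["reasons"]))
```

A "high" finding is a grant to revoke or verify with the user first; "review" entries are tenant-wide or send-only grants that still deserve a look.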
So far there haven't been any reports of actual ransomware using this technique, but it's so simple that someone is bound to do it. The Ransomcloud technique isn't limited to Office 365. It can target any cloud platform where the user can install and run applications with email access. Other versions of the concept could hit files, databases, address books — anything.
Microsoft doesn't guarantee it can recover your messages. As a cloud service, Office 365 keeps multiple copies of your data, but it tries hard to keep them all up to date. Normally this is a good thing, but when ransomware scrambles your data, the scrambled version will quickly get onto the other copies.
You can hope you won't get a Ransomcloud-like message. You can hope that if you get one, you won't be fooled. But the risk is there. Even the experts occasionally fall for phishing messages. Be wary of any email message that offers a "software upgrade." That's not normally the way software publishers deliver upgrades. When in doubt, check the publisher's website.
With our Office 365 Backup, you get extra protection to keep you safe from such threats. ICS provides state-of-the-art security and offers comprehensive backup strategies for mailboxes. Your mail is always backed up.
Criminals want the biggest return for their effort, so they will target the big-name cloud hosting providers. It's the same principle that applies to desktop computers. Malware authors focus most of their effort on Windows systems, largely leaving Mac and Linux systems alone. The big-name providers don't offer the same level of backup that ICS gives you. Your service is fully managed, so there's no need to install upgrades or tell real ones from phishing attempts.