Microsoft Office 365 and Google Drive – both have built-in malware protection – failed to identify a new form of Gojdue ransomware called “Shurl0ckr”.
The 0-day ransomware evaded most major antivirus platforms.
Case in point: only 7% of 66 tested tools were able to detect it.
Researchers on the Bitglass Threat Research team discovered Shurl0ckr during a scan of malware. It was then confirmed as a form of ransomware-as-a-service (RaaS) by the Cylance group.
Shurl0ckr apparently works the same way as Satan ransomware. A hax0r creates a ransomware payload and distributes it via phishing or other nefarious means.
This malware then encrypts files on disk in the background until the victim pays a Bitcoin (BTC) ransom. Hackers often pay a percentage of the proceeds to the author.
The discovery was part of a larger study on malware in the cloud computing arena.
Researchers further discovered that over forty percent of the businesses they had scanned had some form of malware in at least one of their cloud apps.
One in three corporate instances of SaaS apps was in fact infected with malware.
You can learn more about Shurl0ckr ransomware, and about the findings of the malware study which led to the discovery of this new 0-day threat, on the blog DarkReading.