Welcome to ITS! Learn more about our strategic partnership with Digital Seattle!

ITS San Francisco

By: ITS San Francisco on February 22nd, 2022

Print/Save as PDF

What is Ransomcloud? (& How to Avoid it)

Cybersecurity | Cloud

If you think you’re safe because your data is in the Cloud, think again. Your entire mailbox could be encrypted by clicking on a bad attachment. A ransomware strain dubbed as “Ransomcloud” encrypts your online email accounts like Office 365 and Gmail in real-time. This means that along with the emails on your computer, your online email messages can be encrypted. Learn more in this article.

Ransomware is a type of malware program that criminals use to lock or take control of your computer system files. Hackers attack and infect your computer with the intention of extorting money from you. The criminal demands a ransom (typically a few hundred dollars) to unlock it.

What is Ransomcloud?

Ransomcloud infects and locks your emails in the Cloud. It’s similar to other types of ransomware where the criminal tricks you with phishing scams that contain poisoned attachments or links.

encrypted email

A white-hat hacker developed the Ransomcloud strain that encrypts cloud email accounts like Office 365 in real-time.

This strain uses a smart social-engineering tactic to trick you into giving the bad guys access to your cloud email account. It does this under the ruse of a “new Microsoft Anti-spam service.” It uses social engineering to deceive you to gain control over your computer system.

Attackers are currently sending a phishing email disguised as the new Anti-spam service called Microsoft “AntiSpam PRO.” If you click the link and accept this service, it encrypts all of your online emails and attachments in real-time. It works with any kind of cloud email service, such as Gmail and Outlook365, that allows third-party apps to control your account via an authorization system called OAuth.

How "AntiSpam PRO" work

You’ll receive an email requesting that you accept a new application from Microsoft. This request seems appropriate, but it’s fake.

If you click 'Accept', cyber thieves will have complete control of your computer. The bad guy can now encrypt your emails in real-time and insert the ransomware into your cloud files. When this happens, you can read the header of your emails, but the content will be encrypted.

Next, you’ll receive an email that your messages have all been encrypted. The only way to recover your emails is to send the criminal $300 via Bitcoin.

What To Do?  Stop – Look – Think

person thinking

You must stop, look, and think before clicking on an email. If you don’t, your files on the Cloud could be encrypted. Ransomware is continually evolving as cybercriminals discover new ways to attack and gain access to your files (and now your email accounts).

Here’s how to protect against these kinds of attacks:

  • suspicous emailBeware of emails with suspicious links – If you get an email or notification that just doesn’t seem right, don’t click it. Instead, type the website’s address directly into your browser to see if it’s valid. And before clicking any link, hover over it with your mouse to see the real web address. If the site isn’t what the link claims, don’t click on it.
  • review accessBe careful when granting permissions – Cybercriminals will try to trick you into granting them access to applications. Review the permissions in your apps and be careful when accessing them.
  • typos in emailsWatch out for typos in emails – Phishing emails often contain typographical errors. When you receive an email or notification from a legitimate company, it shouldn’t contain typos.
  • multi-factor authentication-1Always use multi-factor authentication when available – This requires at least two forms of identification such as a password and a security question to log in to confidential accounts.

Other New Threats To Watch Out For

  • Ransomware-as-a-Service.  This allows hackers without much experience to use ransomware. For a few dollars, they can develop custom-designed ransomware attacks. They are also targeting Point-of-Service (POS) systems. These are on the rise, so stay alert.
  • Automated Phishing. Bots (software that perform an automated task over the Internet) are being used to send phishing and spear-phishing attacks where threat actors use a deep knowledge of potential victims to target them, and to tailor the attack. The bots make these difficult to detect.
  • Mobile Malware. These target smartphones and mobile users.
  • Search Result Tampering. On the increase. This is when you’re directed to a compromised website rather than a legitimate one.
  • Extortion Scams With A Long Tail. This is a ransomware virus that uses sensitive content as the ransom.
  • Micro-Ransomware. Extorts one document at a time.
  • False-Flags and Blameware. These are expected to increase and are used to spread propaganda to incite controversy between countries.
  • Pseudo-Ransomware. Where hackers try to infiltrate your organization using multi-vector attacks like smishing (SMS phishing) and vishing (the VoIP version of phishing).

Ask ITS for Help

Here are some of the things we can do to keep your data safe from cybercriminals:

  • Use secure email gateway and web gateway programs that provide URL filtering.  We’ll also ensure they are tuned correctly.
  • Patch your endpoints, operating systems, and third-party apps.
  • Make sure your endpoints and web gateway utilize next-generation, and frequently updated multi-layered security.
  • Users who handle confidential information will be forced to use two-factor authentication.
  • Perform reviews of internal security policies and procedures – especially those related to financial transactions.
  • Check your firewall configuration and make sure no criminal network traffic is allowed out to Command & Control servers.
  • Provide new-school security awareness training, including frequent social engineering tests using multiple channels.
  • Deploy weapons-grade backups in place.
  • Work with you on budgeting for cybersecurity and eliminate any overspending on solutions that simply target one threat at a time.
  • If your system gets infected with ransomware, we can re-image it from bare metal.

For more information on keeping your data safe, contact us today!

New call-to-action