Microsoft SharePoint, Google Drive, and Majority of AV Engines Fail to Detect New Ransomware Variant

Bitglass, the Next-Gen Cloud Access Security Broker (CASB) company, announced the results of its latest research, Malware, P.I., Tracking Cloud Infections. While cloud and mobile are a boon for productivity and agility, they are also a compelling target for hackers looking to distribute malware and steal sensitive data.

Together, Bitglass and Cylance identified a new strain of Gojdue ransomware on the dark web, dubbed ShurL0ckr. Two well known cloud platforms with built-in malware protection, Google Drive and Microsoft Office 365, failed to identify the ransomware. In addition, Bitglass tested VirusTotal, a service that scans malware against 67 of the leading malware engines, to scrutinize a file containing the ShurL0ckr ransomware. Only seven percent of tested AV engines successfully detected the new malware.

To analyze the proliferation of malware in the cloud, the Bitglass Threat Research Team also scanned tens of millions of files, discovering a high rate of infection in cloud applications and a low efficacy rate for apps with built-in malware protection like Microsoft Office 365 and Google Drive.

“Malware will always be a threat to the enterprise and cloud applications are an increasingly attractive distribution mechanism,” said Mike Schuricht, VP of Product Management. “Most cloud providers do not provide any malware protection and those that do struggle to detect zero-day threats. Only an AI-based solution that evolves to detect new malware and ransomware can keep cloud data secure.”

Bitglass Threat Research Highlights:

  • A New Strain of Ransomware Making its way to a Cloud Near You: The Bitglass Threat Research Team identified a new strain of the Gojdue ransomware on the dark web and tested the built-in malware protection services of Google Drive and Microsoft Office 365. Dubbed ShurL0ckr, the ransomware-as-a-service works the same way as the widely covered Satan ransomware. Hackers pay a percentage to the author after generating and distributing a ransomware payload that encrypts files on disk.
  • Native Cloud AV Fails to Detect Zero-day Malware: Neither Google Drive nor Microsoft Sharepoint were able to detect the ShurL0ckr ransomware with their built-in threat engines. When scanned against antivirus engines, only seven percent, or 5-in-67 detected the malware – one of these engines was Cylance, which protects Bitglass customers.
  • Malware is Pervasive in the Cloud: 44 percent of scanned organizations had some form of malware in at least one of their cloud applications.
  • Malware Doesn’t Discriminate, All SaaS Apps are Impacted: On average, one in three corporate instances of SaaS apps contained malware. Of the four major SaaS applications – OneDrive, Google Drive, Box, and Dropbox – Microsoft OneDrive had the highest rate of infection at 55 percent. Google Drive had the second highest rate of infection with 43 percent of instances being impacted, followed by Dropbox and Box with 33 percent each.
  • Which File Types are Malware in Disguise?: Bitglass identified the top five file categories by infection rate. Scripts and executables (42 percent), which can launch malicious applications with the click of a button, are the most common infected file type. Microsoft Office files, common corporate file types that most users trust and open without hesitation, ranked second (21 percent).


  • Additional Information:

About Bitglass

Bitglass, the Next-Gen CASB company, is based in Silicon Valley with offices worldwide. The company’s cloud security solutions deliver zero-day, agentless, data and threat protection for any app, any device, anywhere. Bitglass is backed by Tier 1 investors and was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

There are no comments

Add yours