Security researchers have found a new strain of Gojdue ransomware named ShurL0ckr. This ransomware appears undetected by two major cloud platforms such as Google Drive and Microsoft Office. Besides these two, Skype and Telegram apps too could not detect the new ransomware. ShurL0ckr is supplied as “Ransomware-as-a-service” (Raans) on the Dark Web. Cylance, an American security software company, has discovered that it has also targeted desktop communication apps like Skype and Telegram app. ShurL0ckr has, so far, been detectable only by a few anti-virus software, and it somehow got through the built-in malware protection Google Drive mechanism and Microsoft office 365’s blockade. As most cloud service providers do not supply advanced malware detection capabilities and protection services, ShurL0ckr malware developers have picked up those said mediums as a perfect attack vector. This is also why they have managed to infect corporate users on a massive scale.
ShurL0ckr first breaks the protection of the user’s computer and infects the files on the computer. The ransomware goes through the cloud application protection mechanism when the infected files are uploaded to the cloud. It can be downloaded to another device to expand the scope of the infected files. The ransomware encrypts the files uploaded to the cloud and drums up a subscription fee from the subscribers. The hackers share the blackmail profit with the service providers.
50% of ShurL0ckr was detected by VirusTotal software. Bitglass investigated this matter in January, and through VirusTotal, they discovered that VirusTotal could detect only 7% of the ransomware and most of the ties, it broke through the blockades of Google Drive and Microsoft Office 365. A regular company on an average stores 450,000 files on the cloud of which 20,000th file is infected with malware.
