A new ransomware strain dubbed as “ransomcloud” has been developed and it can encrypt online email accounts like Office 365 and Gmail in real-time.
The new ransomware strain was reportedly developed by a white hat hacker associate of Kevin Mitnick, Chief Hacking Officer of cybersecurity company KnowBe4.
Similar to other methods of ransomware infections, cybercriminals can trick victims into installing the malicious software with phishing scams loaded with poisoned attachments or links.
This new strain uses a smart social engineering tactic to trick the user to give the bad guys access to their cloud email account, with the ruse of a “new Microsoft anti-spam service”.
As soon as the victim clicks the link and accepts the “service” by logging into the cloud email account and granting the fake app the permissions it needs, it will then encrypt all your online emails and attachments in real-time!
This attack will likely work with any cloud email service, such as Gmail and Outlook365, that allows third-party apps control over the account via an authorization system called OAuth.
In the Video below you can see how it works and there are only 5 min needed for it!
To read the original Article I recommend you the Blog entry of Stu Sjouwerman. He works with Kevin Mitnick and here you can get to the article.