Proofpoint researchers have reported finding a way that attackers could use a Microsoft 365 loophole to launch ransomware attacks. The method involves using compromised SharePoint Online or OneDrive accounts to reduce the (user-configurable) setting for the number or saved versions in SharePoint Online or OneDrive. Attackers can then encrypt files in those drives so that they are unrecoverable, have no backups, and no decryption key. Attackers could then demand a ransom to restore/recover the original files. The protection advice includes making sure that detection of file configuration changes for Office 365 accounts is switched on, implementing cloud security and threat intelligence, and implementing data loss prevention technology.
“They are a very detail orientated team who have achieved great IT solutions for our company. Their knowledge of new technology is good and explanation of benefits for us easy to understand.”
- Lynn West -