Researchers are warning attackers can abuse Microsoft Office 365 functionality to target files stored on SharePoint and OneDrive in ransomware attacks.
“Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker,” according to researchers.
This leads to an account takeover, then discovery of data within the SharePoint and OneDrive environment and eventually a breach of data and ransomware attack.
Configuring how many versions of a file is save in on OneDrive and SharePoint further reduces the damage an attack.
The likelihood of and adversary encrypting previous versions of a file stored online reduces the likelihood of a successful ransomware attack.
“Most OneDrive accounts have a default version limit of 500. An attacker could edit files within a document library 501 times. Now, the original version of each file is 501 versions old, and therefore no longer restorable,” researchers wrote.
