Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack

Researchers are warning attackers can abuse Microsoft Office 365 functionality to target files stored on SharePoint and OneDrive in ransomware attacks.

“Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker,” according to researchers.

This leads to an account takeover, then discovery of data within the SharePoint and OneDrive environment and eventually a breach of data and ransomware attack.

Configuring how many versions of a file is save in on OneDrive and SharePoint further reduces the damage an attack.

The likelihood of and adversary encrypting previous versions of a file stored online reduces the likelihood of a successful ransomware attack.

“Most OneDrive accounts have a default version limit of 500. An attacker could edit files within a document library 501 times. Now, the original version of each file is 501 versions old, and therefore no longer restorable,” researchers wrote.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

Recent News

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.