Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack

A reported “potentially dangerous piece of functionality” allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive.

Researchers are warning that attackers can abuse Microsoft Office 365 functionality to target files stored on SharePoint and OneDrive in ransomware attacks.

Those files, stored via “auto-save” and backed up in the cloud, typically leave end users with the impression that their data is shielded from a ransomware attack. However, researchers say that is not always the case, and files stored on SharePoint and OneDrive can be vulnerable to a ransomware attack.

The research comes from Proofpoint, which lays out what it says is a “potentially dangerous piece of functionality” in a report released last week.

“Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker,” according to researchers.

How the Attack Chain Works

The attack chain assumes the worst and starts with an initial compromise of an Office 365 user’s account credentials. This leads to an account takeover, then discovery of
