New Strain of Ransomware Encrypting Email Inboxes

June 11, 2018

New Strain of Ransomware Encrypting Email Inboxes

By Chris Brunau

A new type of ransomware is coming for cloud email inboxes. While this particular strain was developed by white hat hackers and hasn’t been seen in the wild yet, it’s a wake-up call for those who use cloud-based email services like Gmail or Exchange.

According to KnowBe4, this kind of ransomware relies on social engineering to deceive users into giving hackers access to their email account.

The method starts by sending a branded email that promises a Microsoft anti-spam service. When the user clicks on the email to install the service, they instead receive a ransomware payload that encrypts all of their emails and attachments in real time.


This attack, called “ransomcloud” will work for any cloud email provider that allows a third-party application control over the email via OAuth. With Google, this will work if you get the app past their verification process. Office 365 doesn't verify the app at this point, so it makes an attack like this much easier.


As always, it’s important to educate your users to double and triple check any attachments or links before they click them. If it seems suspicious, tell users to err on the safe side and send it to the IT department for help or delete the email.

As always, should the worst-case scenario occur, a full backup of your environment is necessary to avoid costly business downtime. Learn how Datto SaaS Protection for Office 365 or G Suite can help get you back to business fast after a ransomware attack in the cloud.

Relevant Articles

Subscribe to the Blog