Ransomware escapes detection using Google Docs

Chinese ransomware uses Google Docs form to share encryption keys

Researchers have discovered a new strain of ransomware that uses Google Docs to avoid detection.

The module - dubbed 'cuteRansomware' - was found by cloud security firm Netskope. It appears to be a Chinese variant of the 'my-Little-Ransomware' package, which was published on GitHub some months ago.

Most of the source code remains unchanged from the original ransomware sample, aside from a few notable alterations.

Firstly, the list of file extensions sought out and encrypted by cuteRansomware was much smaller than that of the original malware, including .bmp, .png, .jpg, .zip, .txt, .pdf, .pptx, .docx, .py, .cpp, .pcap, .enc, .pem, and .csr files.


More importantly, however, once a machine is infected, the modified ransomware used a Google Docs form to send the attacker the name of the victim's computer and the RSA encryption keys used to encrypt their files.

By using Google Docs as a data transmission vector, the attackers can use Google's own security to circumvent the victim's security, the company warned.

"Google Docs uses HTTPS by default and the network data transmission over SSL can easily bypass traditional security solutions such as a firewall, intrusion prevention system, or next generation firewall," Netskope wrote in a blog post. "We believe this is critical."

"As malicious actors make increasing use of the cloud for both delivering malware and exfiltrating data via command-and-control, traditional detection tools' lack of visibility into SSL becomes a huge benefit to them."

Netskope also stated that this could represent the start of a trend towards increasing use of cloud services among malware authors, for controlling botnets as well as conveying information.

The security firm said it has notified Google's own security team of the issue. IT Pro has contacted Google for comment.
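For defenders, one way to look for the behaviour described above is to flag Google Docs form submissions made by processes that are not web browsers. The sketch below is an added example, not code from Netskope or from the article; the log format, host names, process names, form IDs and browser list are constructed assumptions, and it presumes telemetry that can see the request URL (a TLS-inspecting proxy or an endpoint agent).

```python
import re
from urllib.parse import urlsplit

# Constructed sample records (not from the article):
# timestamp, host, process, HTTP method, URL. Form IDs are placeholders.
SAMPLE_LOG = """\
2000-01-01T09:12:01Z WS-014 chrome.exe POST https://docs.google.com/forms/d/e/FORM_ID_A/formResponse
2000-01-01T09:12:40Z WS-022 invoice_viewer.exe POST https://docs.google.com/forms/d/FORM_ID_B/formResponse
2000-01-01T09:13:05Z WS-022 chrome.exe GET https://docs.google.com/forms/d/e/FORM_ID_A/viewform
2000-01-01T09:14:11Z WS-031 updater.exe POST https://example.com/forms/d/FORM_ID_C/formResponse
truncated line
"""

# Assumption: processes expected to submit forms on behalf of a user.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}

# Assumption: path shape of a Google Forms submission endpoint.
FORM_SUBMIT = re.compile(r"^/forms/(?:u/\d+/)?d/(?:e/)?[^/]+/formResponse$")


def parse(line):
    """Split one record into fields; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    keys = ("time", "host", "process", "method", "url")
    return dict(zip(keys, parts))


def is_suspicious(rec):
    """True for a form submission to docs.google.com from a non-browser process."""
    url = urlsplit(rec["url"])
    return (
        (url.hostname or "").lower() == "docs.google.com"
        and rec["method"].upper() == "POST"
        and FORM_SUBMIT.match(url.path) is not None
        and rec["process"].lower() not in BROWSERS
    )


def detect(log_text):
    """Return the parsed records that match the rule."""
    records = (parse(line) for line in log_text.splitlines())
    return [rec for rec in records if rec and is_suspicious(rec)]


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["host"]}: {hit["process"]} submitted a Google Docs form')
```

A hit is a lead for triage rather than proof of infection, since legitimate automation can also post to forms.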
