Ransomware escapes detection using Google Docs

Chinese ransomware uses Google Docs form to share encryption keys

Researchers have discovered a new strain of ransomware that uses Google Docs to avoid detection.

The module - dubbed 'cuteRansomware' - was found by cloud security firm Netskope. It appears to be a Chinese variant of the 'my-Little-Ransomware' package, which was published on GitHub some months ago.

Most of the source code remains unchanged from the original ransomware sample, aside from a few notable alterations.


Firstly, the list of file extensions that cuteRansomware seeks out and encrypts is much smaller than in the original malware. It covers .bmp, .png, .jpg, .zip, .txt, .pdf, .pptx, .docx, .py, .cpp, .pcap, .enc, .pem, and .csr files.

More importantly, however, once a machine is infected, the modified ransomware uses a Google Docs form to send the attacker the name of the victim's computer and the RSA encryption keys used to encrypt their files.

By using Google Docs as a data transmission vector, the attackers can use Google's own security to circumvent the victim's security, the company warned.

"Google Docs uses HTTPS by default and the network data transmission over SSL can easily bypass traditional security solutions such as a firewall, intrusion prevention system, or next generation firewall," Netskope wrote in a blog post. "We believe this is critical."

"As malicious actors make increasing use of the cloud for both delivering malware and exfiltrating data via command-and-control, traditional detection tools' lack of visibility into SSL becomes a huge benefit to them."


Netskope also stated that this could represent the start of a trend towards increasing use of cloud services among malware authors, for controlling botnets as well as conveying information.

The security firm said it has notified Google's own security team of the issue. IT Pro has contacted Google for comment.
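Because the form submission travels inside HTTPS to a trusted Google domain, spotting it needs telemetry that ties the request to the process that made it. The following is an added example, not code from Netskope or from the article: it flags Google form submissions made by non-browser processes. The log format, host and process names, form IDs, browser allowlist and URL path pattern are all assumptions, and the sample records are constructed.

```python
import csv
import io

# Constructed sample of TLS-inspecting proxy / endpoint telemetry (not real traffic).
# Columns: timestamp, host name, process, HTTP method, destination host, URL path
SAMPLE_LOG = """\
2024-01-15T09:14:02Z,WS-0142,chrome.exe,GET,docs.google.com,/forms/d/e/EXAMPLE_FORM_A/viewform
2024-01-15T09:14:40Z,WS-0142,chrome.exe,POST,docs.google.com,/forms/d/e/EXAMPLE_FORM_A/formResponse
2024-01-15T09:20:11Z,WS-0177,invoice_viewer.exe,POST,docs.google.com,/forms/d/e/EXAMPLE_FORM_B/formResponse
2024-01-15T09:21:05Z,WS-0177,outlook.exe,POST,outlook.office365.com,/EWS/Exchange.asmx
2024-01-15T09:25:37Z,WS-0203,updater.exe,POST,docs.google.com,/forms/d/EXAMPLE_FORM_C/formResponse
"""

# Assumption: processes expected to submit web forms in this environment.
BROWSER_ALLOWLIST = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
FORM_HOSTS = {"docs.google.com"}


def is_form_submission(method, dest, path):
    """True for a POST to a Google form response endpoint (assumed path pattern)."""
    return (method.upper() == "POST"
            and dest.lower() in FORM_HOSTS
            and path.startswith("/forms/")
            and path.rstrip("/").endswith("/formResponse"))


def find_suspicious_submissions(log_text, allowlist=BROWSER_ALLOWLIST):
    """Return records where a non-browser process submitted a Google form."""
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip malformed lines rather than failing the whole run
        ts, host, process, method, dest, path = (f.strip() for f in row)
        if is_form_submission(method, dest, path) and process.lower() not in allowlist:
            hits.append({"time": ts, "host": host, "process": process, "path": path})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_submissions(SAMPLE_LOG):
        print(f"{hit['time']} {hit['host']} {hit['process']} -> {hit['path']}")
```

A hit is a lead for triage, not a verdict: legitimate tools can also post to forms, so the allowlist needs tuning per environment.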
