Microsoft issues statement debunking Teams ransomware rumours

Rumours also claimed ransomware was being installed via the BlueKeep exploit


Microsoft’s Security Response Centre (MSRC) has issued a statement to customers who had started to believe rumours circulating online that Dopplepaymer ransomware is spreading through Microsoft Teams and the BlueKeep exploit.

The Dopplepaymer ransomware has recently been infecting businesses, primarily in Spain, and according to Microsoft, the fact that many of these businesses run Microsoft Teams is coincidental.


Microsoft said its security researchers have “found no evidence” to support the claims that the ransomware is circulating through the Microsoft Teams client and installing via the BlueKeep exploit.

"In our investigations, we found that the malware relies on remote human operators using existing Domain Admin credentials to spread across an enterprise network," said Simon Pope, director of incident response at MSRC. 

"Protection from Dopplepaymer and other malware is already available for customers using Windows Defender, and we will continue to enhance these protections as we identify new emerging threats."

Cyber security expert Kevin Beaumont tweeted his agreement with the MSRC team upon hearing about the rumours.

"Just to reiterate this again, the only attacks I’ve seen in the wild with BlueKeep are lame cryptocurrency things spread via Metasploit," said Beaumont, who recently discovered the first-ever BlueKeep exploit in the wild. "None of the recent ransomware incidents have involved BlueKeep."


"Also, the Microsoft Teams update thing being repeated by security companies is sourced from a single tweet speculating about it," he added. "It's not a thing, it was never a thing, it's not a vector in ransomware. The unsexy truth is attackers get domain admin."

In addition to debunking the rumours, Microsoft said that ransomware is still one of the most profitable attack methods for cyber criminals and, as such, IT admins must take proper care to maintain cyber hygiene.

"These best practices can help prevent Dopplepaymer operators and other attackers from disabling security tools and using privileged credentials to destroy or steal data or hold it for ransom," said Pope.

Microsoft Teams is a collaboration client used by millions of businesses worldwide, and it hit the 20 million daily user milestone this week.

The news sent rival Slack’s share price tumbling 10%, another hit to the free-to-use client, which Teams overtook earlier this year.

Teams is available as part of the paid-for Office 365 suite of products and also as a free version. It’s currently the second most widely-used workplace collaboration platform behind Microsoft-owned Skype for Business, which will eventually be replaced by Teams, the company has confirmed.
