“Cloud-First” Ransomware: A Technical Analysis

Get a technical analyses of recent malware campaigns discovered or documented by Netskope Threat Research Labs and learn how to defend against them. Cloud services have emerged as the preferred attack vector of some of the most dangerous and innovative cloud malware exploits of the past six months. Why? Because many organizations don't inspect their cloud SSL traffic for a malware and the same functionalities of the cloud dramatically increase productivity (sync, share, collaborate, etc) also provide ransomware developers with a perfect medium for faster delivery of malware payloads to more targets. Join Netskope chief scientist Krishna Narayanaswamy and Director of Netskope Threat Research Labs Ravi Balupari for a fascinating look at how malicious actors now design ransomware to make best use of popular cloud services to hide in plain sight, and do more damage in less time. Krishna and Ravi will provide technical analyses of recent malware campaigns discovered or documented by Netskope Threat Research Labs. These include: - Virlock, which encrypts files and also infects them, making it a polymorphic file infector - CloudFanta, which uses the SugarSync cloud storage app to deliver malware capable of stealing user credentials and monitoring online banking activities - CloudSquirrel, which takes advantage of multiple cloud apps throughout the ransomware kill chain with the intent to steal and exfiltrate user data - The Zepto variant of Locky ransomware, now distributed both by popular cloud storage apps and via DLL