Google and Microsoft failed to detect zero-day ShurL0ckr ransomware

New zero-day ransomware detected on both Google and Microsoft cloud servers

Shurl0ckr ransomware is a variant of Gojdue

The new file-encrypting virus was detected on Google and Microsoft cloud services. Researchers report about zero-day ShurL0ckr ransomware[1] that managed to bypass Google Drive and MS Office 365 built-in malware protection.[2]

Bitglass, the cloud access security broker (CASB) recently performed a scan of Google Cloud and Microsoft Office 365 cloud networks. They found that numerous files hosted on Cloud where infected by malware.

Cloud services[3] became extremely popular in recent years – global organizations and companies rely on them to boost their productivity and dexterity. However, it opened a new door for cybercriminals to fulfill their sinister plots.[4]

Further study conducted

Bitglass and its colleagues in Cylance discovered that both Office 365’s and Google Drive’s protection systems failed to identify the ShurL0ckr. They then tested another 67 malware engines using VirusTotal and determined that ninety-three percent were unable to detect the dangerous ransomware.

The discovery of ShurL0ckr launched a more detailed investigation. Therefore, Bitglass Threat Research Team scanned millions of files to analyze the current rate of malware infections on cloud servers.

Research showed that 44% of the companies that keep their files on Cloud had at least one malware infected file or application. Software-as-a-service[5] applications were affected at the rate of one in three.

Bitglass also discovered that 55% of Microsoft’s OneDrive files were infected, followed by Google Drive totaling at 43% infection rate. Dropbox and Box were the least contaminated, with 33% infection rate. Security experts also investigated the most common types of infected files:

  1. Script and executable files – 42%
  2. MS Office documents – 21%
  3. Text, picture, and other files – 19%
  4. Windows system files – 10%
  5. Compressed files – 8%

On average, a regular company keeps around 4500,000 files in the cloud, and every 20,000th file is infected with malware.

Mike Schuricht, the vice president of Bitglass, noted:

Malware will always be a threat to the enterprise and cloud applications are an increasingly attractive distribution mechanism. Most cloud providers do not provide any malware protection and those that do struggle to detect zero-day threats. Only an AI-based solution that evolves to detect new malware and ransomware can keep cloud data secure.

ShurL0ckr ransomware is designed to target organizations

ShurL0ckr is a variant of Gojdue ransomware and works identically to Satan ransomware. Malware operates as a Ransomware-as-a-Service (RaaS). It means that anyone can obtain it on the dark market and spread it in order to get income from paid ransoms.

Malware spreads via spam emails that include MS Word attachment with malicious Macro commands. Thus, the infection gets into the system as soon as victims open this file.

Researchers tell that ransomware mostly targets organizations and companies. It is not expected to aim at individual computer users. However, if you were hit by the malware, you have to focus on its removal rather than paying the ransom and risking to lose your money.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions