
ShurL0ckr Ransomware-as-a-Service: Here’s What MSSPs Need to Know

Bitglass and Cylance have identified ShurL0ckr, a new strain of Gojdue ransomware.

ShurL0ckr is a ransomware-as-a-service that enables hackers to generate a ransomware payload and distribute it via phishing or drive-by download, according to Bitglass. The payload encrypts files on disk in a background process, and the files stay encrypted until a Bitcoin ransom is paid.

Neither Google Drive nor Microsoft SharePoint was able to detect ShurL0ckr, Bitglass indicated. In addition, only 7 percent of tested engines (five of 67) detected ShurL0ckr.

Forty-four percent of organizations have some form of malware in at least one of their cloud applications, according to research from Bitglass and Cylance.

Malware Pervasive in the Cloud

Other notable findings from the Bitglass-Cylance "Malware, P.I., Tracking Cloud Infections" report included:

  • The average organization held nearly 450,000 files in the cloud, with one in 20,000 files containing malware.
  • One in three corporate instances of software-as-a-service (SaaS) apps contained malware.
  • Of the four major SaaS applications – Microsoft OneDrive, Google Drive, Box and Dropbox – OneDrive had the highest rate of malware infection at 55 percent, followed by Google Drive (43 percent) and Box and Dropbox (33 percent each).
  • Scripts and executables (42 percent), used to launch malicious apps with the click of a button, were the most common infected file type. Microsoft Office files (21 percent) ranked second.

Most cloud services providers (CSPs) fail to deliver malware protection, and those that do struggle to detect zero-day threats, Bitglass VP of Product Management Mike Schuricht said in a prepared statement. However, AI-based threat prevention solutions now enable organizations to quickly detect new malware and ransomware, Schuricht stated, and keep their cloud data secure.

How Will AI Impact the Global Cybersecurity Market?

Rising demand for cloud-based security solutions and connected devices may create new opportunities for Cylance and other AI-based threat prevention solutions providers.

The global AI in cybersecurity market was worth approximately $3.9 billion last year, according to market research firm MarketsandMarkets. This sector also is projected to expand at a compound annual growth rate (CAGR) of 31.4 percent between 2017 and 2025 and could be worth $34.8 billion by 2025.

Meanwhile, a rapid increase in sophisticated cybercriminal activity is forcing organizations to deploy a wide range of cloud security technologies, MarketsandMarkets indicated. This ultimately may lead many organizations to implement AI-based threat prevention solutions to safeguard cloud applications and networks.

Cylance surpassed $100 million in trailing 12-month revenue in 2017, based on generally accepted accounting principles (GAAP). The company achieved this milestone approximately 39 months after it released its CylancePROTECT AI-based endpoint protection software, leading to speculation that Cylance soon may launch an IPO.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.