Over the last 10 years, ransomware attacks have become the main cybersecurity risk. More than 200 different ransomware families have been used in the wild. Endpoint detection and response (EDR) tools can prevent most of them generically with decoy file traps, monitoring for processes that modify many files, or by monitoring common pre-encryption actions such as shadow copy deletion. What would happen if adversaries found a way to encrypt all of your sensitive data without encrypting a single file on your endpoints? What if this encryption could be achieved without a single malicious executable being present on the endpoint? 

This research, first presented at Black Hat Las Vegas highlights DoubleDrive – a fully undetectable cloud-based ransomware, different from all other public ransomware variants seen so far. It bypasses decoy file detection, Microsoft’s Controlled Folder Access and OneDrive’s ransomware detection.

Join us on November 20, 2024, at 9 am PT/12 pm ET as we share this original research and highlight how even trusted tools like OneDrive can be leveraged by motivated adversaries to potentially disrupt organizational defenses. This talk will highlight:

• Why we must avoid placing blind trust in any process or executables developed by trusted vendors.
• How the next generation of ransomware attacks could be executed through legitimate cloud services.
• Why security measures should be designed to prevent attackers from tampering with security settings, ensuring the protection of data and systems.