Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker. The research focused on two of the most popular enterprise cloud apps – SharePoint Online and OneDrive within the Microsoft 365 and Office 365 suites and shows that ransomware actors can now target organizations’ data in the cloud and launch attacks on cloud infrastructure. More information: https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
There are weaknesses found in applications, software, and operating systems every day; however, there are many ways for an organisation/individual to be safer online.To prevent attackers getting into your accounts, use a long, strong password, made up of 3 random words. Cyber Essentials recommends the length should be at least 12 characters or more. Always activate 2 factor authentication where possible. Even if the attacker obtains your password, they are unlikely to have access to your phone or authenticator app so unable to gain further access.
Keep software up to date with the manufacturer’s updates. It is good practice to apply all updates within 14 days, therefore patching that exploit.
Lastly, make a backup of anything that you value. That is, anything that would inconvenience you, for whatever reason, if you could no longer access it. If you lose access to your original data, you can then restore a copy of it from the backup.