The 0mega ransomware group has successfully pulled off an extortion attack against a company’s SharePoint Online environment without needing to use a compromised endpoint, which is how these attacks usually unfold. Instead, the threat group appears to have used a weakly secured administrator account to infiltrate the unnamed company’s environment, elevate permissions, and eventually exfiltrate sensitive data from the victim’s SharePoint libraries. The data was used to extort the victim to pay a ransom.
Likely First of its Kind Attack
The attack merits attention because most enterprise efforts to address the ransomware threat tend to focus on endpoint protection mechanisms, says Glenn Chisholm, cofounder and CPO at Obsidian, the security firm that discovered the attack.
“Companies have been trying to prevent or mitigate ransomware-group attacks entirely through endpoint security investments,” Chisholm says. “This attack shows that endpoint security isn’t enough, as many companies are…