The 0mega ransomware group has successfully carried out an extortion attack against a company’s SharePoint Online environment without using a compromised endpoint, which is how these attacks usually proceed. Instead, the threat group appears to have entered the unnamed organisation’s environment through a weakly protected administrator account, elevated its access, and ultimately exfiltrated private information from the victim’s SharePoint libraries. That information was then used to demand a ransom from the victim.
According to Glenn Chisholm, cofounder and CPO at Obsidian, the security firm that uncovered the attack, the incident deserves attention because most enterprise efforts to combat the ransomware threat tend to focus on endpoint protection methods.