thinkCSC Security Alert: Office 365 Vulnerability


A California-based security firm recently discovered a ‘potentially dangerous’ Office 365 vulnerability. The vulnerability gives hackers the ability to access and encrypt files on SharePoint and OneDrive. Once encrypted, the files cannot be recovered without paying a ransom to the cybercriminal.

To gain access to the SharePoint or OneDrive accounts, a cybercriminal need only hijack the identity of a single user. Once the hacker gains access to that user’s account, they not only have access to their files but to any files connected to SharePoint or OneDrive. The hacker can then immediately encrypt the data.

How to Avoid Paying Ransoms

Many small business leaders are under the impression that if their data is “in the cloud,” then it is safe from hackers. The recent discovery of this Office 365 vulnerability illustrates that this isn’t true, and that your data needs to be backed up to a third party and tested on a regular basis. Having a discreet copy of your data that is not connected to your network protects your organization from being held hostage.

While organizations are sometimes forced to pay a ransom in order to prevent further public safety issues, the only one who benefits from paying the ransom is the cybercriminal. Paying ransoms fuels their motivation to continue.

Cloud Data Isn’t Safe Just Because It’s in the Cloud

Hackers have discovered this new avenue of attack by going directly after data in the cloud. The only way to avoid the business-crippling costs of a data breach, as well as the resulting fines, reputational damage, and loss of business, is to invest in offsite replication. According to Verizon’s 2022 Data Breach Investigation Report, ransomware breaches increased by 13% in the past year, which is more than in the past five years combined. With a small investment in offsite replication, backup and recovery will be far less than the devastation of losing all of your data to a hacker.

Public Cloud Backup is the Only Option

Local, secure cloud storage like thinkCSC’s ensures that you maintain access to your data, even if cyber criminals encrypt your SharePoint or OneDrive files on Office 365. thinkCSC’s data backup and recovery solutions place your data in our cloud. We keep you working, reduce downtime, provide provisions during emergencies, and prevent the loss of your data.

Get in touch to learn more about how we can help you protect your data from risk.

Read more about the original discovery of the flaw here.


Author thinkCSC

More posts by thinkCSC

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.