Case Study: User’s mailbox getting encrypted

John at ACME INC. loves OneDrive, he has been using OneDrive like crazy ever since their IT company moved them to Office 365. He frequently gets alerts in his OneDrive and SharePoint that coworkers and other companies have shared documents with him. One day he received an email alerting him that a new document was shared with him. The email looked like it normally does but he didn’t recognize the sender. He clicked to retrieve his document and a webpage opened asking for his credentials. He thought nothing of it and was glad Microsoft wanted to confirm his identity. He entered his credentials and he was redirected to another sign in page. He signed in again and it took him to his Microsoft account. Thinking this was odd he replied to the sender asking them to send the link again as the first link didn’t work. Shortly after, all his emails in his mailbox changed to say ENCRYPTED and ever email he clicked wanted him to pay money. He started hearing reports across the office that all the documents in the company’s SharePoint document library all say ENCRYPTED. No one can access anything in the company folders share in the SharePoint Site. His assistant comes to him saying all the mail in his Mailbox said ENCRYPTED also.

So what happened? If John would of looked closely at the address bar or the link in the email he would have seen that the links would not and did not take him to Microsoft. Once he entered his credentials on the offending site, the attacker had all they needed to wreak havoc on John’s data. The used these credential to push ransomware into the user’s mailbox and into the company’s SharePoint document library. John also had full access to his assistant’s box which allowed the attacker to encrypt their mailbox as well. Having no backup solution ACME INC. lost all of John’s email along with his assistance email. Staff had to click every single document in SharePoint and return it to a previous version to undo the encryption. There was significant data loss and days of downtime due to one mistake of an employee.

 Integrity wants you to be aware of the very real risks to your company’s cloud data. As with anything, we recommend ALL company data be protected with backups that follow the universal backup standards (3-2-1 Rule). Integrity has a solution to ensure your cloud data is safe. If you are interested please reach out to us at for more information.

Lisa Cone