2016 seems to have been the year of ransomware which has lead cybercriminals to continually modify and improve the effectiveness of their attacks. A good example is Virlock. While Virlock has been around for several years, the most recent strain is able to spread through cloud storage via collaboration applications, according to Netskope.

Netskope explains that users can inadvertently spread Virlock through the organization’s network, in a type of fan-out effect, as Virlock is able to spread via cloud syncs, cloud storage, and collaboration applications. Netskope states that Virlock works by first infecting all of the user’s files. These infected files include data synced with the cloud collaboration application which then spreads the infection to the cloud folders and infects the stored files. If another user clicks on an infected file on a share folder, they will inadvertently execute Virlock and infect the files on their machine as well.

Virlock displays an FBI anti-piracy warning which requires payment of a “first-time offender fee” via bitcoin in order to unencrypt the files.