"'DoubleDrive' Attack Turns Microsoft OneDrive Into Ransomware"

According to SafeBreach researcher Or Yair, Microsoft's OneDrive file-sharing program can be used as ransomware to encrypt most files on a target machine beyond recovery, partly because Windows and Endpoint Detection and Response (EDR) programs inherently trust the program. Microsoft has patched OneDrive so that this vulnerability no longer affects client versions 23.061.0319.0003, 23.101.0514.0001, and later. Yair has packaged his OneDrive attack process into an automated tool called DoubleDrive, which is available on GitHub and compatible with older OneDrive versions. This article continues to discuss the DoubleDrive attack. 

SC Media reports "'DoubleDrive' Attack Turns Microsoft OneDrive Into Ransomware"