SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
The attack involved only the theft of files rather than theft followed by encryption. After exfiltrating hundreds of files, the attacker then uploaded thousands of PREVENT-LEAKAGE.txt files.