In recent years, an especially pernicious form of malware, known as ransomware, has been affecting computer systems with devastating results. This particular type of attack encrypts or locks a user’s data and demands financial payment to get the information back. In some cases, even if payment is made access to the files is not restored. Infection with ransomware can be catastrophic for the organizations it impacts.
The Cloud is not Immune to Ransomware Infection
The purveyors of ransomware search for targets that have the financial resources to meet their demands. They have been going after medical offices and small businesses for years and are now also turning their sights to cloud providers and applications. These businesses cannot afford any extensive downtime without causing major problems for their clients. The providers have a business imperative to quickly settle with the criminals to avoid extended outages and the ensuing hit to their reputation.
Here are some examples of how ransomware has impacted cloud service providers and, by extension, the customers who depend on them.
Cloud computing provider iNSYNQ, which specializes in furnishing virtual desktop environments to its customers, was attacked with ransomware from a strain called MegaCortex in July of 2019. The infection caused the loss of access to customer data that lasted over a week in an industry where outages usually are resolved within a few hours. The company had to take down their infrastructure to prevent further spread of the malware and were tasked with rebuilding and restoring the data for thousands of servers.
Cloud hosting provider Cloudnine Real Time was hit with ransomware in September of 2017. The attack compromised data from 30% of its customers by locking their files and making them inaccessible. It took almost a week to fully recover user data from backups, some of which had also been infected with corrupt files. Fortunately no data was stolen by the hackers, so once the restore process was completed it was back to business as usual for the company.
The foreign exchange company Travelex was attacked on this past New Year’s Eve by malware named Sodinokibi, causing a severe impact on its ability to provide services to its customers. The cybercriminals are demanding a payment of $6 million and are claiming to have taken 5 GB of customer data that it is holding until the ransom demands are met. Travelex is still scrambling to understand the full scope of the intrusion and may be open to additional penalties, if data has been stolen, for not notifying the proper organizations promptly. This puts them at odds with the European Union’s General Data Protection Regulations (GDPR) which require reporting of potentially customer-impacting data breaches within 72 hours.
While the cloud offers many benefits to the computing community, it is not immune to the threats of ransomware and other malicious software. It’s something else to consider when making plans to migrate your data or services to a cloud provider.Last modified on Monday, 27 January 2020