This apparent safety may be changing, and organizations now need to guard their cloud environments against ransomware attacks. As more companies migrate workloads and sensitive data to the cloud, cybercriminals increasingly see cloud resources as a viable target for ransomware.
How Cloud Ransomware Works
Criminals are primarily using three methods to perpetrate ransomware attacks on cloud services. Each method has a similar capacity for damage if executed successfully.
- Infecting file-sharing services and applications - Companies often use file-sharing services synced to a cloud service to facilitate data access for mobile employees. A ransomware attack will begin by encrypting data on a local machine that is then synced to the cloud. The infected file then spreads the malware throughout the cloud infrastructure, affecting a large number of files.
- Phishing attacks - Cybercriminals use phishing techniques to trick users into divulging credentials for cloud-based email services like Microsoft 365. The victim’s emails are then encrypted and held for ransom.
- Targeting cloud vendors - In an attempt to maximize the value of a successful attack, ransomware gangs are directly targeting cloud vendors rather than their customers. Criminals try to compromise the credentials of a vendor’s employee so they can encrypt infrastructure that affects multiple clients. The hope is that some of the clients will pay the ransom to avoid the major disruptions caused by the attack.
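Because of the sync path described in the first item above, a compromised endpoint appears on the storage side as a burst of overwrites whose new content looks like ciphertext. The following is an added example, not part of the original article: a sliding-window check over sync audit events. The event tuple layout, device names, paths and thresholds are all assumptions.

```python
import math
from collections import Counter, defaultdict, deque

WINDOW_S = 60       # assumed burst window, in seconds
MAX_SUSPECT = 3     # assumed limit on suspicious overwrites per window
ENTROPY_BITS = 7.0  # assumed cutoff; ciphertext approaches 8 bits per byte

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_bursts(events):
    """Return devices that overwrite more than MAX_SUSPECT distinct files with
    high-entropy content inside WINDOW_S seconds.
    events: (ts, device, op, path, content_sample) tuples sorted by ts."""
    recent = defaultdict(deque)  # device -> (ts, path) of suspicious writes
    flagged = []
    for ts, device, op, path, sample in events:
        if op != "overwrite" or entropy(sample) < ENTROPY_BITS:
            continue  # low-entropy edits such as plain text are ignored
        q = recent[device]
        q.append((ts, path))
        while ts - q[0][0] > WINDOW_S:
            q.popleft()  # drop writes that fell out of the window
        if len({p for _, p in q}) > MAX_SUSPECT and device not in flagged:
            flagged.append(device)  # candidate for pausing this client's sync
    return flagged

def sample_events():
    """Constructed sync-audit events; all device names and paths are made up."""
    cipher_like = bytes(range(256))        # stand-in for encrypted content
    text = b"Quarterly report draft. " * 20
    ev = []
    for i in range(5):
        ev.append((i * 5, "laptop-17", "overwrite", f"/fin/q{i}.xlsx", cipher_like))
        ev.append((i * 5, "laptop-02", "overwrite", f"/docs/n{i}.txt", text))
    for i in range(4):  # high entropy but slow, e.g. archives uploaded over time
        ev.append((i * 100, "laptop-09", "overwrite", f"/bak/a{i}.zip", cipher_like))
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    print(find_bursts(sample_events()))
```

Compressed formats are also high-entropy, so entropy alone is not a verdict; the per-device burst threshold is what separates the constructed `laptop-17` case from the slow archive uploads of `laptop-09`.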
Defenses Against Cloud Ransomware
Some of the defenses against cloud ransomware are identical to the measures required to protect against traditional attacks. Others are tailored to the aspects of the cloud that make it vulnerable to ransomware.
- Employee education is one of the most important initiatives an organization can undertake to protect itself from ransomware. Users need to be trained to identify phishing emails and avoid falling victim to them. They also need to understand the importance of using strong passwords and not sharing credentials to avoid misuse by malicious insiders.
- Keep all software and firmware updated. Attackers take advantage of known vulnerabilities when attempting a ransomware attack. Updates often contain fixes for those vulnerabilities, which gives the cloud environment greater protection.
- Develop comprehensive backup and business continuity plans. A viable strategy is to back up systems using multiple techniques, which may include making both cloud and local copies of your data. If one set is compromised, you can still recover your systems.
- Use blacklists to keep employees away from websites that are known to host malware. Consider installing anti-phishing tools that help identify advanced threats.
The shared responsibility matrix for cloud security provides multiple targets for ransomware attacks. Criminals can attack a company’s data directly or by impacting the cloud provider’s infrastructure. Devote the necessary resources to train all employees and minimize the chances of a successful attack on your data resources.