The malicious actors behind ransomware have refined their methods to concentrate on high-value systems when choosing a victim. Attacks are often customized in an attempt to increase the chance of success. Phishing emails, one of the most common methods of injecting ransomware into an environment, are tailored to appeal to the prospective victim and tempt them into clicking on an infected link.
Cloud resources are an attractive target for ransomware gangs for several reasons.
- The tremendous volume of information stored in the cloud means there is the potential to hold valuable data for ransom, forcing the victim to pay.
- The business-critical nature of many cloud services means that companies cannot afford to be without them for an extended period of time.
- Cloud resources are often shared by clients, making it possible to carry out attacks on multiple entities with a single incursion.
Strengthening Defenses Against Ransomware
Major cloud providers offer resources to help their customers avoid the perils of a ransomware attack. An example is a recent security blog post by Amazon Web Services (AWS) that offers the following suggestions for protecting data in the cloud.
- Ensure you can recover data and applications promptly. This entails a robust backup strategy and a vetted and tested disaster recovery plan. Cloud providers have multiple backup and disaster recovery solutions available that can be customized to meet the business objectives of any company.
- Encrypt data to protect it in the event that a company is successfully attacked with ransomware. In addition to holding data for ransom, the malicious actors often threaten to exfiltrate sensitive data and release it on the web. If the data is encrypted, this tactic will not work, as no usable information will be available to be released by the cybercriminals.
- Automate the installation of critical security patches to avoid gaps that can be utilized to gain access to enterprise systems. It may not be enough to simply install patches on a weekly or monthly schedule. Cybercriminals can act quickly when a Common Vulnerabilities and Exposures (CVE) entry is announced and take advantage of any delay in applying the appropriate patches.
- Implement a strong security standard that includes industry best practices like enforcing least privilege policies regarding access to enterprise data. This will minimize the potential damage caused by an employee who gets tricked by a phishing email.
- Monitor your environment and automate responses to discovered issues. For instance, failed backup jobs need to be identified and rerun to provide the necessary protection in case systems are compromised. The environment should also be monitored for any suspicious activity that may indicate an intrusion has already occurred.
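As an added illustration of the monitoring item above (this is not code from the AWS post or from this article), the following Python example checks backup job records against an inventory of resources that should be protected and decides which need a rerun, an alert, or both. The record fields, resource names and the 24-hour maximum backup age are assumptions constructed for the example, not any provider's schema.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. Field names and states are assumptions for this
# example, not the schema of any cloud provider's backup service.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)

def job(resource, state, hours_ago):
    return {"resource": resource, "state": state,
            "finished": NOW - timedelta(hours=hours_ago)}

JOBS = [
    job("db-orders", "COMPLETED", 5), job("db-orders", "FAILED", 1),
    job("fs-shared", "COMPLETED", 50), job("fs-shared", "FAILED", 2),
    job("vm-web", "COMPLETED", 3),
    job("vm-batch", "FAILED", 1),
]
# Inventory of resources that are supposed to be backed up (constructed).
PROTECTED = ["db-orders", "fs-shared", "vm-web", "vm-batch", "vm-new"]

def assess(jobs, protected, now, max_age=timedelta(hours=24)):
    """Return {resource: (action, reason)} for every resource needing a response.

    max_age is an assumed policy: the oldest acceptable successful backup.
    """
    latest, last_ok = {}, {}
    for j in jobs:
        r = j["resource"]
        if r not in latest or j["finished"] > latest[r]["finished"]:
            latest[r] = j
        if j["state"] == "COMPLETED" and (r not in last_ok or j["finished"] > last_ok[r]):
            last_ok[r] = j["finished"]
    findings = {}
    for r in protected:
        if r not in latest:
            # Coverage gap: a monitor that only watches failed jobs never sees this.
            findings[r] = ("alert", "no backup job on record")
        elif r not in last_ok:
            findings[r] = ("rerun+alert", "no successful backup on record")
        elif now - last_ok[r] > max_age:
            findings[r] = ("rerun+alert", "last successful backup is older than max_age")
        elif latest[r]["state"] == "FAILED":
            findings[r] = ("rerun", "latest job failed, recent good copy exists")
    return findings

if __name__ == "__main__":
    for resource, (action, reason) in assess(JOBS, PROTECTED, NOW).items():
        print(f"{resource}: {action} ({reason})")
```

Comparing against the inventory rather than only scanning for failed jobs is what surfaces a resource that was never enrolled in backups at all.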
It is virtually impossible to eliminate the possibility of a ransomware attack on cloud resources. Fortunately, with the right defensive strategy in place, the damage can be minimized. Take advantage of the resources available from your provider, which are designed to help you protect your valuable data in the cloud.