Estimated reading time: 2 minutes, 37 seconds

Is Cloud Ransomware a Danger to Your IT Environment? Featured

Is Cloud Ransomware a Danger to Your IT Environment? black and white computer keyboard

Ransomware has been a major cybersecurity threat to traditional IT environments for years. Until recently, cloud resources were not frequently attacked by this particular kind of malicious software. In large part, this was due to the challenges of attacking a cloud infrastructure.

This apparent safety may be changing and organizations now need to guard their cloud environments from ransomware attacks. As more companies migrate workloads and sensitive data to the cloud, cybercriminals are increasingly seeing cloud resources as a viable target for ransomware. 

How Cloud Ransomware Works 

Criminals are primarily using three methods to perpetrate ransomware attacks on cloud services. Each method has a similar capacity for damage if executed successfully. 

  • Infecting file-sharing services and applications - Companies often use file-sharing services synced to a cloud service to facilitate data access for mobile employees. A ransomware attack will begin by encrypting data on a local machine that is then synced to the cloud. The infected file then spreads the malware throughout the cloud infrastructure affecting a large number of files. 
  • Phishing attacks - Cybercriminals use phishing techniques to trick users into divulging credentials for cloud-based email services like Microsoft 365. The victim’s emails are then encrypted and held for ransom. 
  • Targeting cloud vendors - In an attempt to maximize the value of a successful attack, ransomware gangs are directly targeting cloud vendors rather than their customers. Criminals try to compromise the credentials of a vendor’s employee so they can encrypt infrastructure that affects multiple clients. The hope is that some of the clients will pay the ransom to avoid the major disruptions caused by the attack.  

Defenses Against Cloud Ransomware 

Some of the defenses against cloud ransomware are identical to the measures required to protect against traditional attacks. Others are tailored to the aspects of the cloud that make it vulnerable to ransomware.  

  • Employee education is one of the most important initiatives an organization can undertake to protect itself from ransomware. Users need to be trained to identify and not fall victim to phishing emails. They also need to understand the importance of using strong passwords and not sharing credentials to avoid misuse by malicious insiders.  
  • Keep all software and firmware updated. Attackers take advantage of known vulnerabilities when attempting a ransomware attack. Updates often contain fixes for vulnerabilities that offer greater protection for the cloud environment.  
  • Develop comprehensive backup and business continuity plans. A viable strategy is to back up systems using multiple techniques which may include making both cloud and local copies of your data. If one set is compromised, you can still recover your systems. 
  • Use blacklists to keep employees away from websites that are known to host malware or other malicious software. Consider installing anti-phishing tools that help identify advanced threats.  

The shared responsibility matrix for cloud security provides multiple targets for ransomware attacks. Criminals can attack a company’s data directly or by impacting the cloud provider’s infrastructure. Devote the necessary resources to train all employees and minimize the chances of a successful attack on your data resources. 

 

 

Read 134 times
Rate this item
(0 votes)
 Robert Agar

I am a freelance writer who graduated from Pace University in New York with a Computer Science degree in 1992. Over the course of a long IT career I have worked for a number of large service providers in a variety of roles revolving around data storage and protection. I currently reside in northeastern Pennsylvania where I write from my home office.

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.