Watch Out For Ransomware in the Cloud!
According to a global survey of 1,225 companies (including those in Australia), 61% of businesses were disrupted by ransomware at some point during the past year. Part of why is due to how many cloud services we use nowadays. According to a study done in 2021, 98 percent of surveyed firms experienced a cloud ransomware attack in the last 18 months, up from 79 percent the year before.
In this article, you’ll learn something about ransomware in the cloud, the types of attacks to look out for, the common ransomware variants employed, and how to protect your company from these attacks.
Types of Ransomware Cloud Attacks
There are three types of cloud ransomware attacks. The first involves attacking/compromising your employee’s local device. Then once they sync their data with a cloud storage service, the ransomware spreads to the cloud.
The second type of ransom cloud attack involves criminals gaining direct access to an organisation’s cloud systems via phishing and then encrypting or extracting their contents.
And finally, large-scale attacks that target cloud providers. An attack on DDS Safe, US cloud-based backup and storage provider for dentistry practices, compromised over 400 dentistry offices, leaving them unable to access the internet. The criminals infected DDS Safe with a REvil ransomware strain.
How To Protect Yourself Against Ransomware in the Cloud
Here are a few cloud security best practices that’ll help protect your company and reduce the chances of cloud ransomware.
- Back up your data securely.
One way to protect your organisation is to back up your company data regularly in separate, secure locations. You can even take it further and use a cloud-to-cloud backup service or consider backing it up locally.
- Use multiple cloud providers.
By using multiple cloud service providers, you can keep your data separate. If any portion falls to a ransomware attack, you can keep the others running while you sort things out. If you’re planning to use a multi-cloud infrastructure, be sure your auditing solution can combine data from different platforms and present a summary of events from a single console.
- Log and monitor sensitive actions.
Operations such as life-cycle configuration and key removals usually take days. Your organisation can thwart a ransomware attack by logging and monitoring sensitive actions like these. You may notice those occurrences using tools like CloudTrail and CloudWatch (both from Amazon Web Services) and respond quickly to stop the attack. Of course, this is less effective for rapid occurrences, but the sooner you identify the attack, the higher your chances of mitigating it.
- Block malicious apps and websites
One thing to consider is the type of software (especially third-party apps) that your employees install. This also includes browser extensions and mobile apps. Use web filtering and blacklist/whitelist harmful websites to prevent your employees from accessing or downloading apps with a malicious payload.
- Carry out real-time audits
A great way to protect your database is by regularly monitoring your organisation’s cloud environment. You can do this using third-party auditing services or the native tools built into your cloud platform. These services can detect and respond to suspect file and folder activity in real-time by employing the latest machine learning techniques.
- Adopt a strategy of least privilege access.
Another great way to keep cybercriminals out of your organisation’s system while minimising the impact of an attack is to keep permissions to the bare minimum. Limit user access to just what’s needed to carry out their daily tasks. Since these criminals need to access and alter your buckets on the cloud, keeping them separate will make it more difficult for them. Cleaning out any dormant users or features that could be exploited is also a good idea; this can easily be automated.
- Employee Education
Carry out regular security awareness training (at least once a year) to ensure that all staff can recognize suspicious links, emails, third-party apps, attachments, links, and extensions. Employees should also be taught to disconnect their devices from the network as soon as they become aware (or suspect) that they have been the victim of a ransomware assault.
Common Ransomware Variants That Target The Cloud.
- The Petya Ransomware
The Petya ransomware uses Dropbox as a cloud insertion mechanism. The email begins as a phishing email, linking to a Dropbox location where the resume is stored. It contains a link to a self-extracting application that downloads the ransomware onto the machine.
This ransomware variation encrypts network drives, local devices, and cloud storage. Jigsaw ransomware hunts for OneDrive storage and encrypts items synchronised with OneDrive. The Jigsaw Ransomware capitalises on how cloud storage works by encrypting the local OneDrive storage place and synchronising the encrypted data to the cloud. The encrypted files are subsequently synchronised to all nodes linked to the shared OneDrive location.
Contact us now if you’d like to see how GKM2 can help secure your organisation’s data from Ransomware in the cloud! Or call +61 2 9161 7171