BlueXP Blog

Cloud Ransomware: Solving 3 Key Challenges

Written by Cloud Insights Team | Feb 17, 2021 10:33:19 AM

What is Cloud Ransomware?

Ransomware is a malicious software (malware) process that infects systems and devices. Ransomware is typically deployed with the intention to block the access of legitimate owners to their data, applications, and environments.

Once a system is infected by ransomware, the malicious process starts encrypting files. System owners then receive a message demanding ransom payments. Otherwise, the data remains encrypted and owners cannot continue using their information.

A ransomware process might try to gain access to more systems, spreading across a greater scope within the network. Ransomware can cause major damage when infecting cloud environments, which are often built for easy access and usage.

This article is part of our series about cloud security solutions.

In this article, you will learn:

  • Why Ransomware Targets the Cloud
  • Cloud Ransomware Attack Types and How to Mitigate Them
  • Cloud Ransomware with NetApp Cloud Insights

Why Ransomware Targets the Cloud

Enterprise Data is Moving to the Cloud

The cloud hosts a goldmine of data, and not only for enterprises trying to turn their data into actionable insights or sell information. Cyber criminals have taken note of the amounts of data pouring into the cloud and realize it represents a valuable target.

Cloud computing vendors provide services for companies and individuals throughout the globe, and not just simple Software as a Service (SaaS) offerings. Many companies shift their entire databases to the cloud, often using Databases as a Service (DBaaS).

Some organizations shift entire infrastructures to the cloud, using Infrastructure as a Service (IaaS). All of these services host valuable data required for business continuity, attracting the attention of threat actors.

Related content: read our guide to cloud security challenges

Cloud Services are Critical for Business Continuity

To be successful, a ransomware attacker must target workloads that are absolutely critical and irreplaceable. Otherwise, the owners will not be incentivized to pay the ransom. Due to COVID-19 restrictions, entire workplaces are shifting to work-from-home models.

To provide employees with virtual workspaces, many prefer to do away with traditional (and slow) virtual private networks (VPNs). Today, many IT teams prefer to use Virtual Desktop Infrastructure (VDI) for self-managing the deployment of virtual machines (VMs) or leverage managed Desktop as a Service (DaaS) offerings based in the cloud. All of these business-critical environments are fodder for threat actors.

Cloud Resources are Shared by Many

If threat actors manage to encrypt an entire server that is owned by a cloud vendor and shared by many cloud users, they increase the amount of ransom they can get from one attack. All of the cloud users sharing that server’s resources are then pressured to pay ransom, and the threat actor’s profit multiplies.

Cloud Ransomware Attack Types and How to Mitigate Them

There are three critical aspects that can expose cloud data to ransomware: ransomware-infected file-sharing services, RansomCloud attacks, and ransomware targeting cloud vendors.

Ransomware Syncing to Cloud File-sharing Services

Ransomware often reaches the cloud after first infecting a local computer. From the local machine, the ransomware infiltrates a file-sharing service synced to the cloud. The malicious process encrypts the files on the compromised machine, and the sync client then pushes the encrypted copies to the cloud, where they overwrite the clean versions.

This type of attack can put a business network at great risk. Once the infection spreads to the cloud, it can compromise the organization’s entire cloud-sharing system. Then, the ransomware might spread across the network, infecting other connected machines. If the ransomware reaches files that have not been backed up, the company might be forced to pay the ransom.

Here are tips to help protect your data against ransomware syncing:

  • Use a next-generation antivirus—one capable of defending against ransomware, so that local files are protected before they are synced.
  • Continuously update your operating systems (OS)—apply the most recent security patches.
  • Leverage web filtering—use filtering services to block infected websites.
  • Immediately disconnect infected devices—remove infected devices and systems from the network so that encrypted files stop syncing.
  • Get technical support—from IT and security professionals.
  • Implement backup and disaster recovery strategies—using either first-party or third-party solutions.

Related content: read our guide to cloud storage security

RansomCloud Attacks

RansomCloud is a new spin on ransomware that targets cloud-based email services such as Office 365. Threat actors use phishing emails to gain access to email accounts. Phishing emails often look like legitimate emails, tricking victims into opening files that infect their systems or into handing attackers access to the account.

Once attackers gain access to an email account, they can use ransomware to encrypt the email messages of the victim and demand a ransom. Additionally, threat actors often use email accounts to launch new attacks, impersonate the account owner, scam the family members of the owner, and spread malware to the victim’s contacts.

Here are tips to help protect your data against RansomCloud attacks:

  • Employee training—there are often signs that can warn of a phishing attack. Training and updated educational resources can help ensure employees of all levels know how to identify, avoid, and report phishing schemes.
  • Establish email backup and disaster recovery strategies—which ensure your data remains available even during attacks.

Ransomware Attacks on Your Cloud Service Provider

To increase the profitability of each attack, threat actors often directly target cloud vendors, trying to exploit vulnerabilities to penetrate a larger scope of systems. They can then demand ransom payments from many victims.

Here are tips to help protect your data against ransomware targeting cloud vendors:

  • Demand transparency—service providers often have their own ransomware recovery plans. Ask your provider to provide their plan, to assess the vendor’s ability to respond during major disasters, including ransomware attacks.
  • Plan for an outage—to ensure business continuity, you should have a plan of your own that outlines how to continue operations during vendor outages. For example, you can leverage more than one cloud vendor, using a multi-cloud strategy, to ensure you have somewhere to fail over to during outages. You can also establish a hybrid cloud strategy, using on-prem resources during failures, or leverage a third-party recovery solution.

Cloud Ransomware with NetApp Cloud Insights

NetApp Cloud Insights is an infrastructure monitoring tool that gives you visibility into your complete infrastructure. With Cloud Insights, you can monitor, troubleshoot and optimize all your resources including your public clouds and your private data centers.

Cloud Insights helps you find problems fast before they impact your business. Optimize usage so you can defer spend, do more with your limited budgets, detect ransomware attacks before it’s too late and easily report on data access for security compliance auditing.

Cloud Insights includes Cloud Secure, which can help detect and prevent ransomware attacks. With Cloud Secure, you don’t need to define specific rules or thresholds to detect malicious activity. Instead, Cloud Secure relies on learning what normal looks like, such as burst access by a risk-modelling application, so it can minimize false positives but still trigger protection when it detects something out of the ordinary.

Protection doesn’t stop there: close integration with NetApp storage means that instead of locking out users or applications when a potential threat is detected, a NetApp Snapshot™ copy can be triggered. This copy protects data from that point onward without disrupting applications. Administrators monitoring the systems can then investigate the activity and take further action if necessary, while knowing that data is protected if it comes to the worst.
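To make the two ideas above concrete (a local infection pushing rewritten files into a synced share, and a detector that learns each account's normal write rate instead of using a fixed rule), here is an added Python example. It is not NetApp's Cloud Secure code; the event format, user names, paths and the "riskmodel" service account are all constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed write events from a synced file share, not a real log format: (minute, user, path).
# "riskmodel" is a service account whose normal behaviour is a burst of five writes at a time.
TRAINING = [
    (0, "alice", "docs/q1.docx"), (1, "alice", "docs/q1.docx"), (6, "alice", "docs/notes.txt"),
    (9, "alice", "docs/q2.docx"), (15, "alice", "docs/q2.docx"),
] + [(m, "riskmodel", f"models/run{m}-{i}.csv") for m in (2, 7, 12) for i in range(5)]
TRAINING_SPAN = 16  # the training window covers minutes 0..15

# Constructed live window: a routine riskmodel burst, plus alice's documents being rewritten
# with a new extension, which is what a locally infected machine syncs into the share.
LIVE = [(22, "riskmodel", f"models/run22-{i}.csv") for i in range(5)] + [
    (21, "alice", f"docs/{name}.locked")
    for name in ("q1.docx", "q2.docx", "notes.txt", "q3.docx", "q4.docx", "q5.docx")
]

def writes_per_minute(events):
    """Group events into {user: {minute: write_count}}."""
    per = defaultdict(lambda: defaultdict(int))
    for minute, user, _path in events:
        per[user][minute] += 1
    return per

def learn_baseline(events, span_minutes):
    """Per-user threshold = mean + 3 * stdev of writes per minute over the training window.
    Idle minutes count as zero; a floor of 2.0 stops a single write from alerting on sparse history."""
    baseline = {}
    for user, counts in writes_per_minute(events).items():
        series = [counts.get(m, 0) for m in range(span_minutes)]
        baseline[user] = max(2.0, statistics.mean(series) + 3 * statistics.pstdev(series))
    return baseline

def extensions(events):
    """File extensions seen in a batch of events, used to spot files replaced under a new name."""
    return {path.rsplit(".", 1)[-1] for _m, _u, path in events}

def detect_bursts(events, baseline, known_ext):
    """Return (user, minute, writes, new_extensions) for each minute above that user's baseline.
    A burst that also introduces an unseen extension is the strongest sign of mass encryption."""
    alerts = []
    for user, counts in writes_per_minute(events).items():
        for minute, count in sorted(counts.items()):
            if count > baseline.get(user, 2.0):
                batch = [e for e in events if e[1] == user and e[0] == minute]
                alerts.append((user, minute, count, sorted(extensions(batch) - known_ext)))
    return alerts

if __name__ == "__main__":  # a deployment would trigger a snapshot here rather than block the user
    print(detect_bursts(LIVE, learn_baseline(TRAINING, TRAINING_SPAN), extensions(TRAINING)))
```

With these constructed inputs the five-file burst from the service account stays under its learned baseline, while the same-sized burst from the user account is flagged together with the unfamiliar `.locked` extension.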

Start a 30-day free trial of NetApp Cloud Insights. No credit card required.