Before we jump into our topic of ransomware in the cloud, let us have a quick history lesson. The early 2000s were the good old days as far as malware goes (yes, I am that old). We had stuff like macro viruses and the ILOVEYOU virus that would cause chaos on your computer, but nothing a good format and restore would not solve.


In little more than two decades, however, malware has become a lucrative industry, one dangerous enough to bring governments to their knees and disrupt the complete supply chains of large enterprises. Malware is now a billion dollar industry which is easily able to keep pace with the flourishing cyber-security industry in a never-ending cat and mouse game.

Ransomware brings in the bucks

Ransomware is costing companies millions of dollars, with the total cost expected to top around USD 20 billion by 2021. Recovering from such an attack carries many costs, just a few of which are listed below:

  • Paying the actual ransom (depressingly common)
  • Legal fees
  • Hiring forensic companies
  • Recovering the data
  • Fines from regulators
  • Cost to recover customer goodwill

Things have become so bad that even DDoS attacks, which were once considered hugely dangerous by themselves, are now being used just as distractions to cover up actual ransomware attacks!

With so much to lose and so much money on the line, you can understand why cyber-criminals are putting more and more effort into ransomware attacks, and the cloud is increasingly becoming a target.

Is the Cloud vulnerable?

The short answer is YES. Cloud storage is as vulnerable to ransomware as on-prem. Storage is storage at the end of the day, and ransomware will not discriminate, especially given the weak state of cloud security. This has been happening since as far back as 2016 and will only continue to grow in the future.

A recent IDC report found that 98% of companies have suffered a data breach in the last 18 months and they are increasingly finding weaknesses in their cloud security posture, weaknesses which cyber-criminals are more than happy to exploit.

With thousands of identities connecting to cloud storage and misconfigurations happening frequently, hackers have more than enough chances to exploit them and launch ransomware. Most organizations are also completely unaware of the permissions they have given SaaS applications in their cloud environments, which makes this attack even easier. Attacks on on-prem storage can also get replicated to the cloud, as most companies using cloud storage enable synchronization between their cloud and local storage.

Additionally, with the pandemic you have millions of users now on the cloud, which makes it an even juicier target for criminals. With the potential of impacting such a large user base, you can be sure criminals are busy thinking of new and unique ways to exploit cloud-based vulnerabilities.

How to protect your cloud environment against ransomware

Unfortunately, just like on-prem, there is no single magic way of protecting against ransomware.

Below are a few common-sense points which everyone should follow:

  • Implement a Cloud Security Posture Management solution to quickly identify and fix cloud vulnerabilities in real time. Enable auto-remediation as quickly as you can!
  • Audit your cloud permissions regularly (especially those given to SaaS applications), as that is often a blind spot.
  • Find out how many SaaS applications you have given access to and put in a process to approve such access going forward. These applications can be misused to gain a potential foothold in your organization.
  • Back up your data! (I cannot believe I am writing this in 2022.)
  • Implement a security awareness program around ransomware, as the vast majority of attacks still happen due to user mistakes.
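
To make the permission audit concrete, here is an added example (not from any cloud provider's guidance or tool) that takes AWS S3 bucket policies as one case and flags statements that let another account, such as a SaaS vendor, overwrite or delete data or change versioning and lifecycle settings. The account ids, Sids, bucket name and function names are constructed for illustration, and policy Conditions are not evaluated.

```python
from fnmatch import fnmatchcase

# Actions that let a principal overwrite or delete data, or weaken recovery.
RISKY = ["s3:PutObject", "s3:DeleteObject", "s3:DeleteObjectVersion",
         "s3:PutBucketVersioning", "s3:PutLifecycleConfiguration"]
OWN_ACCOUNT = "111111111111"             # constructed account id (assumption)
BUCKET = "arn:aws:s3:::example-bucket/*"  # constructed bucket name

# Constructed sample policy: account ids, role names and Sids are made up.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "BackupVendorReadOnly", "Effect": "Allow", "Resource": BUCKET,
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "s3:GetObject"},
    {"Sid": "SaaSSyncTool", "Effect": "Allow", "Resource": BUCKET,
     "Principal": {"AWS": "arn:aws:iam::333333333333:role/sync"},
     "Action": "s3:*"},
    {"Sid": "InternalApp", "Effect": "Allow", "Resource": BUCKET,
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/app"},
     "Action": ["s3:PutObject", "s3:DeleteObject"]},
    {"Sid": "AnalyticsVendor", "Effect": "Allow", "Resource": BUCKET,
     "Principal": {"AWS": ["444444444444"]},
     "Action": ["s3:GetObject", "s3:Put*"]}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def external_principals(principal, own_account):
    """Return principals that are public ("*") or belong to another account."""
    if principal == "*":
        return ["*"]
    return [p for p in as_list(principal.get("AWS", []))
            if (p.split(":")[4] if p.startswith("arn:") else p) != own_account]

def audit(policy, own_account):
    """Flag Allow statements that give outsiders any RISKY action."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        outsiders = external_principals(stmt.get("Principal", {}), own_account)
        granted = as_list(stmt.get("Action", []))
        risky = sorted(r for r in RISKY  # wildcards such as s3:* or s3:Put* count
                       if any(fnmatchcase(r.lower(), g.lower()) for g in granted))
        if outsiders and risky:
            findings.append({"sid": stmt.get("Sid", "(no Sid)"),
                             "principals": outsiders, "actions": risky})
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_POLICY, OWN_ACCOUNT))
```

On the sample policy this reports the SaaSSyncTool and AnalyticsVendor statements; the read-only vendor and the internal application are not flagged.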

All the major cloud providers like AWS, Google and Azure have released guidance on this, so be sure to go through it and apply it to your specific environment.

Ransomware is going to be a huge problem for the foreseeable future, but the good thing is that tools are available to protect against this threat. Cloud is being adopted at a massive rate, and if you are serious about protecting your environment then make sure to implement the above suggestions ASAP.

If you are interested in learning more about the cloud then be sure to check out my earlier post about skills you need to learn here