loading...

Ransomware infects cloud services too: How to Deal with it

Ransom ware is a type of malware or virus that prevents user access to devices, files or applications, requiring the victim to pay a ransom to regain access. The ransomware that we most often see encrypts the user’s files and then asks the user to pay a ransom in bitcoins — has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.

Most Enterprises, small companies and everyone in between is adopting cloud-based tools and environments for their business and personal needs. By saving data in virtual environments, companies are becoming more flexible and saving money on their IT infrastructure, allowing them to do better business and enhance revenues in the long run.

The cloud is an amazing technology that is helping organizations improve productivity, collaborate better, scale their IT strategies and increase cost-effectiveness within their infrastructure. But, Cloud environments are no less susceptible to ransom ware than other environments. However, they have properties that can make response and preparedness different. 

Using an infrastructure as a service (IaaS) platform gives the cloud customer more visibility into the underlying OS than other cloud models, but this, in turn, means that issues, like patching — particularly in the case of legacy or special purpose systems — are just as complex as in other environments, and therefore may take longer than one might like.

The issue is that an IaaS environment might be susceptible to ransomware. What is different with IaaS, though, is how the organization discovers the ransomware, how it responds and how it protects against the threat. As a practical matter, different personnel are often responsible for direct oversight of IaaS workloads compared to other technology.

Even SaaS isn’t immune — consider storage such as Dropbox, Google Drive, etc. Typically, these services work by syncing local files to the cloud; for a small organization, this might constitute its primary storage, backup or data sharing mechanism. What happens when the local files are encrypted, deleted, overwritten with garbage or otherwise compromised by ransomware? Those changes will be synced to the cloud.

Companies have traditionally been hesitant to invest in cloud-based tools due to the common idea that the cloud is less secure than on-premises infrastructure. However, this is nothing more than a misconception – cloud environments provided by a dedicated cloud partner are just as secure, it not more so, than your on-premises solutions.

What can organizations do to prepare for ransomware in a cloud environment or any other environment? Probably the most effective thing organizations can do — for both cloud environments and for any other environment is:

  • Backing up data and ensuring cloud infrastructure is as secure as possible is critical in order to prevent any sort of intrusion. Keeping data safe is paramount, because targeted attacks can come in many forms.
  • Organizations should be careful when moving their data and applications to the cloud.
  • To undertake a systematic risk assessment.
  • Keeping a manually synced or time-initiated mirror of data at another repository, assuming that the volume in question isn’t such that this is prohibitively expensive.
  • Beware of Phishing emails and malicious attachments.
  • Keep Windows and installed software up-to-date.
  • If you or your company is hit with ransomware, resist the temptation to pay up.

 

Ransomware infections have spread beyond traditional platforms and it’s important to ensure protection, especially within your cloud environments.

 

Jahnavi M

Vulnerability analyst, Technical Writer, Security Blogger, Co-founder—SecKurity

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: