Ransomware is one of the fastest-growing security threats facing individuals and organizations today.
Ransomware works by infiltrating a user’s PC or mobile device via malicious software that is usually installed unintentionally after clicking a link in an email or because it is posing as something else.
Once installed, the software uses cryptography to prevent the user from accessing his or her files and demands a sum of money to be paid before the files are unencrypted.
Ransomware is becoming increasingly sophisticated and the criminals who use it are hitting larger targets in the cloud such as hospitals, banks, and government organizations, in search of higher monetary rewards.
Until recently, ransomware was a concern only for the victim’s local computer or mobile device. However, the most recent wave of ransomware attacks is infiltrating cloud apps, introducing a new and more serious threat for modern businesses.
The Dangers of Cloud Malware
Almost 44% of cloud malware is known to deliver ransomware, and more than half of malware-infected files are shared publicly, according to a report by security services provider Netskope.
Cloud service providers are now being directly targeted by ransomware attacks. If a hacker manages to successfully gain access to a cloud service provider, they can essentially launch a ransomware attack that can affect every customer using that service.
The cloud can also be used to spread malware to other users through the sharing of infected files and automatic syncing. For example, Virlock ransomware specifically targets cloud storage and collaboration platforms, allowing it to replicate rapidly through the whole network from a single infected user.
A ransomware called Cerber targets Office 365 users via malicious macros in Office documents that are attached to spam emails. While Office 365 automatically disables macros to prevent malware from entering the system, Cerber uses social engineering to trick the user into bypassing this security feature.
While many cloud services offer the option to recover a previous version of files, this does not mean that they are safe from ransomware. If the user has the option to delete these previous versions, so does the malware.
Cloud applications including file-sharing, collaboration and social networks are becoming one of the most common ways of spreading malware and 1 out of every 10 companies has malware in their cloud storage facility. It is therefore vital that any company using the cloud for storage or collaboration invests in automated daily backup and daily cloud apps auditing in order to detect and recover from malware attacks.
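One way to run the kind of cloud-app audit described above, as an added example that is not part of the original article: it scans storage audit events for an account that rewrites many files in a short window while also deleting previous versions, the pattern that defeats version-history recovery. The event schema, action labels, account names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_events():
    """Constructed audit events; the schema (time/user/action/file) is assumed."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    for i in range(3):  # alice: ordinary editing, 20 minutes apart
        events.append({"time": t0 + timedelta(minutes=20 * i), "user": "alice",
                       "action": "modify", "file": f"report{i}.docx"})
    for i in range(40):  # bob: synced client rewrites 40 files and purges versions
        ts = t0 + timedelta(seconds=2 * i)
        for action in ("modify", "delete_version"):
            events.append({"time": ts, "user": "bob", "action": action,
                           "file": f"shared/doc{i}.xlsx"})
    return events

def flag_suspicious_accounts(events, window=timedelta(minutes=5),
                             modify_threshold=25, purge_threshold=5):
    """Return accounts that modify many distinct files and delete previous
    versions inside one sliding time window (thresholds are illustrative)."""
    per_user = defaultdict(list)
    for event in sorted(events, key=lambda e: e["time"]):
        per_user[event["user"]].append(event)
    findings = {}
    for user, evs in per_user.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most `window` of time.
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            in_window = evs[start:end + 1]
            modified = {e["file"] for e in in_window if e["action"] == "modify"}
            purged = {e["file"] for e in in_window
                      if e["action"] == "delete_version"}
            if len(modified) >= modify_threshold and len(purged) >= purge_threshold:
                findings[user] = {"window_start": evs[start]["time"],
                                  "files_modified": len(modified),
                                  "versions_purged": len(purged)}
                break  # one finding per account is enough to raise an alert
    return findings

if __name__ == "__main__":
    for user, detail in flag_suspicious_accounts(build_sample_events()).items():
        print(user, detail)
```

A flagged account is a cue to suspend its sync client and restore from a backup that the account itself cannot delete.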
However, these examples do not mean that using the cloud for backup and collaboration is riskier than keeping all software in-house. Indeed, most small to medium businesses do not have the resources to ensure state-of-the-art security for their data, and in this case relying on the more sophisticated security measures of enterprise cloud providers is both economical and provides enhanced data security.
How to Reduce the Risk and Impact of Ransomware Attacks in The Cloud
Software vulnerabilities are a very common way that hackers gain access to systems, allowing ransomware to be installed. The best way to protect yourself from vulnerabilities is to ensure that software is always kept up to date and patched for urgent security updates.
Many businesses struggle with ensuring patches are up to date and installed on every machine within the organization, so a system for deploying updates in a timely fashion is essential for securing the integrity of the network.
Mobile code such as Java and Flash can also be used to make calls to a website to download malicious software. Removing them from your browser will increase security and make ransomware attacks less likely.
It is also important to provide thorough security training for staff and educate them on the ways in which malware can infect files. This alone can reduce the risk of ransomware that is installed due to a user clicking a link in a phishing email, for example.
Each organization should develop its cyber security policies carefully, making sure to account for working in the cloud. For example, restricting the use of cloud applications to enterprise-level software only will greatly reduce the risk of malware attacks, because such software has superior security controls.
Cloud-based antivirus software, network monitoring and threat detection, including the ability to block suspicious activity, are another very effective way to create a more secure computing environment when there are a lot of users on the network.
Regular backups with efficient recovery capability are the best way to recover from a ransomware attack, as they allow an earlier, unencrypted version of the data to be restored, thereby nullifying the effect of the ransomware.
Most cloud service providers have secure backups (indeed this should be an essential requirement when looking for a cloud provider). However, if they do not have an efficient recovery procedure in place (such as the one-click recovery service offered by Spinbackup), it may take days or weeks to restore files to their original unencrypted state, which can cost affected organizations greatly in terms of lost business hours.
It’s also essential that cloud service providers use sophisticated and up-to-date anti-malware on their servers, in order to detect any infected files.