Can Ransomware Strike the Cloud? Three Types of Attacks
Ransomware has leaped into the mainstream and is now a household name. Over the past few years, we’ve watched businesses, hospitals, schools, and city municipalities fall victim to highly publicized incidents of crypto-ransomware.
Ransomware attacks are characterized by the systematic encryption of files. Once the files are encrypted, the hacker demands that the victim pay a ransom in exchange for the key to decrypt their files.
These cyber attacks are prevalent. Cybersecurity Ventures predicts that by the end of 2019, there will be a ransomware attack on businesses every 14 seconds. And this statistic doesn’t even include attacks on individuals, which occur even more frequently.
[You Might Also Like: "Today's Cyber Threat Landscape: 10 Cyber Security Stats for SMBs"]
Adapting to This Threat
To cope with these attacks both at the business level and as individuals, we are cultivating ways to protect ourselves. Adapting to this developing threatscape means that the value of keeping our computer operating systems updated, being careful of what we click on, and always having a backup is no longer just the lore of IT professionals—it is the responsibility of every individual.
At the same time, technology advancements have driven down the cost of both data storage and high-speed internet service—resulting in an environment that supports the migration of important business functions including email hosting, online applications, and filesharing to the cloud.
Data in the Cloud: Efficient, but Exposed
These innovative cloud services empower businesses with efficient tools that support a highly mobile workforce. But an unintended consequence of this innovation is that our data has left the protective bubble of our traditional network security tools and as a result, is exposed to ransomware in new ways.When companies put services into the cloud, they often neglect them when architecting their backup and disaster recovery plans, mistakenly believing that “the cloud” is synonymous with “backup.” Aware of this gap, hackers are increasingly using ransomware to attack these vulnerable cloud services.
Here are three ways cloud data is vulnerable to ransomware.
Ransomware Syncing to Cloud Filesharing Services
Ransomware most commonly infects the cloud when it originates on a local computer and is then synced to the cloud. The files are encrypted on the compromised device, and the corruption spreads to the cloud. If this occurs in a business network where the infection spreads locally, the whole company’s cloud-sharing system can be compromised as well—multiplying the impact by the number of computers on your network.
Furthermore, if the cyber attack affects the original version of the files and the infected copy of the data in the cloud is now the only copy, the situation becomes even more serious.
Tips to protect yourself and your data:
- Protect local devices with next-gen antivirus solutions that can defend against ransomware.
- Keep your computer operating systems up to date with security patches.
- Use web filtering services to prevent connection to infected websites.
- Disconnect infected devices from the internet immediately and seek technical support from an IT professional.
- Use a third-party backup and disaster recovery solution.
Ransomcloud Attacks
There are also ransomware attacks that target cloud services and don’t jump to the cloud by first infecting a local device. In these attacks, the hacker uses phishing emails to gain control of the user’s email account. Once inside, the hacker can deploy ransomware that encrypts the victim’s email messages and can also cause additional damage and mayhem by using the compromised email account to disperse more malware to the victim’s contacts.
How does this work? Check out this video to see Kevin Mitnick, a “white hat hacker,” demonstrate a ransomcloud attack on an email account. White hat hackers use their skills and expertise to test systems and network security and discover vulnerabilities before malicious hackers can detect and exploit them. In the video, Kevin encrypts all of the email messages in a user’s inbox in minutes.
Tips to protect yourself and your data:
- Learn how to spot and avoid falling victim to phishing emails.
- Protect your email and cloud services with a third-party backup and disaster recovery solution.
Ransomware Attacks on Your Cloud Service Provider
Ransomware can also affect businesses and individuals when the direct target of the attack is their cloud application provider. In August of this year, hundreds of dental offices were prevented from accessing patient charts, appointment schedules, and x-rays when two companies, Percsoft and the Digital Dental Record, fell victim to a ransomware attack.
Tips to protect yourself and your data:
- Ask your service provider to provide their ransomware recovery plan and work only with companies who can demonstrate their readiness to respond to a major disaster, including a ransomware attack scenario.
- Plan for how you will maintain operations if your primary line of business application is unavailable. A line of business application is a platform where you store, access, and alter the information you need to operate your business. If your data is only stored in a cloud application, map out how your employees will continue to provide services if access to that data is cut off.
Ransomware is a major threat to business continuity. At Prosource, we have witnessed the impact that preparedness makes for our clients. We prevent ransomware through the application of security tools and end-user education. Because no prevention tool is foolproof, we prepare for successful recovery by creating comprehensive business continuity solutions that can secure your data whether it lives on your servers, computers, or in the cloud.
For more information regarding ransomware prevention and business continuity plans, contact us today.
At Prosource, we believe your organization’s security is only as strong as its weakest link, so for National Cyber Security Awareness Month, we're taking a more personal approach to awareness. Every week throughout October, we'll send an email with cyber security tips and insights to help you stay protected against cyber threats. Not yet a subscriber? Sign up here.
You can also check out our LinkedIn, Facebook, and Twitter pages for cyber security tips and tricks.