How Cloud technology can protect you against Ransomware
The increasing adoption of Cloud Technologies, both in-house and hosted, has provided hackers and data thieves with new opportunities. Ransomware, an attack that has probably been around for about ten years, has moved from corporate and home desktops to attack cloud-based data stores.
Simply put, ransomware encrypts your systems and data. The hacker demands a payment (the ransom), usually in untraceable Bitcoin, before providing you with a decryption key to release your systems and data. Sometimes there is no response to the payment and no key. The malware is usually downloaded from a spoofed or infected site reached by a user responding to a link in a phishing email.
Several reports, including one published by the FBI in 2016, claim that ransomware attacks are increasing year on year. Industry security gurus are concerned that since most attacks are not reported, the actual number of attacks is much higher than previously thought. Afraid of negative publicity, most corporates will pay up.
As an example, the market value of Yahoo dropped dramatically during its sale to Verizon after a ransomware attack was reported in the media. The media reports emerged after Yahoo reported the attack to the authorities. The decrease in the sale price cost the Yahoo owners $360 Million, perhaps more than if they had paid the ransom and kept quiet.
In the past, most attacks were directed at corporate users. However, the attackers are now less discriminating, thinking that lots of users will pay up to recover their treasured family memories, their photos and videos. Payments from lots of small users are equivalent to, or greater than, one or two major corporate hits.
Ransomware has spread to the cloud. Many CIOs believe that data in the cloud is secure. That is emphatically not the case. Ransomware variants like Petya, Ransom_Cerber, and Locky can attack Cloud storage. There are specific security issues with Office 365, where data can be stored and shared using OneDrive and other cloud applications.
All organisations will have comprehensive malware protection systems in place. However, the nature of the Cloud means that some of the defence mechanisms and responses will be different and need to be specifically addressed.
There are several ways in which cloud technology can help prevent ransomware attacks and assist with recovery.
Public Cloud Storage
The first and most obvious way is to store information on public cloud storage like OneDrive or Dropbox as a backup to locally held data. This is appropriate for domestic or even small business users. One particular problem for domestic and small business users is that data encrypted by ransomware and held on local storage will be synced with the Cloud storage, thereby rendering backups useless.
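One way to guard against the sync problem described above, as an added example that is not part of the original article: before each sync run, compare the folder with the previous snapshot and hold the upload when most known files have vanished or turned into near-random data. The thresholds, function names and sample files are assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; ciphertext sits near 8.0 (assumed threshold)
HOLD_FRACTION = 0.5  # hold the sync if more than half the known files look encrypted (assumed)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root: str) -> dict:
    """Map relative path -> (sha256, entropy) for every file under root."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            snap[os.path.relpath(path, root)] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return snap

def safe_to_sync(previous: dict, current: dict) -> bool:
    """False when too many known files vanished or were rewritten as high-entropy data."""
    if not previous:
        return True
    suspicious = 0
    for rel, (old_hash, old_entropy) in previous.items():
        new = current.get(rel)
        if new is None:  # deleted or renamed, e.g. a new extension was appended
            suspicious += 1
        elif new[0] != old_hash and new[1] > ENTROPY_LIMIT >= old_entropy:
            suspicious += 1  # content changed from ordinary data to near-random bytes
    return suspicious / len(previous) <= HOLD_FRACTION

def demo() -> tuple:
    """Constructed sample: four text files, one ordinary edit, then all overwritten."""
    with tempfile.TemporaryDirectory() as root:
        paths = [os.path.join(root, f"doc{i}.txt") for i in range(4)]
        for p in paths:
            with open(p, "w") as fh:
                fh.write("quarterly report line\n" * 200)
        before = snapshot(root)
        with open(paths[0], "a") as fh:
            fh.write("one ordinary edit\n")
        after_edit = safe_to_sync(before, snapshot(root))
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(os.urandom(4096))  # random bytes stand in for ciphertext
        return after_edit, safe_to_sync(before, snapshot(root))
```

Files that are already compressed, such as photos and videos, are high-entropy before any attack and so escape the rewrite rule; for those folders the fraction of changed hashes is the more useful signal.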
The data storage requirements of corporate users are likely to be greater than even the premium versions of these applications. There may also be security considerations in having sensitive corporate data held by an outsourced public cloud service provider.
While not directly related to Cloud Technology, most ransomware comes via a phishing attack. A user clicks on a link in an email seemingly from a trusted source. The link takes the user to a site where malware is downloaded automatically to the user's desktop.
A programme of user education is vital, especially in a corporate environment, to educate users not to click on links they don’t recognise or trust. Education programmes can be introduced as part of the migration to the Cloud environment.
Offline and Separate
Keep a separate offline backup of your vital data and systems, one that is in a different place to the normal backup cycle storage. This should be on a different cloud platform. Often, the easiest, quickest and cheapest way to recover from a ransomware attack is to completely remove all your systems and data and restore to clean drives from a known clean backup. You therefore need a separate clean backup site. Make sure that it does not have a permanent drive mapping.
Ransomware will encrypt a network drive with read/write access in the same way as a local hard drive. It occurs often in businesses where employees access shared network folders. Cloud storage will reduce the threat, but not remove it entirely.
Some ransomware variants use drive mappings, either open or hidden, through SMB to detect and attack other storage media. That media could be cloud storage mapped through a local synchronisation app.