No Automatic Cloud Antidotes for Ransomware
When it comes to cybersecurity, there’s simply no place to hide any more. Up until a year or two ago, managed service providers could advise their clients to copy data to the cloud and store it there. As long as organizations had invested resources to defend their cloud infrastructures, the IT department could always count on retrieving clean backup copies just in case intruders had corrupted company files stored in on-premises equipment. That’s no longer necessarily true, as security executives have discovered after ransomware attacks wreaked havoc with their cloud installations.
In ransomware attacks, hackers encrypt files with malware and can hold the data hostage unless the victim pays a ransom, often in the form of Bitcoins. Ransomware has proved to be quite a successful way to extort money. In the United Kingdom, for instance, more than a third of ransomware victims pay up, according to a survey by the University of Kent.
More than 120 types, or “families,” of ransomware now exist, and the Department of Justice estimates that one popular ransomware strain, the CryptoLocker virus, has compromised more than 260,000 computers worldwide since its inception in 2013.
Impact on Cloud Security
The increasing frequency and scope of ransomware attacks have also cast doubt on the notion that the cloud is not a target. Consider the experience of an organization called Children in Film. Just before last New Year’s Eve, a company employee inadvertently opened an unknown email attachment that contained ransomware. That common mistake set off a sequence of events allowing the attacker to block access to files that were stored on a cloud drive.
“Someone in my office was logged into Outlook and opened up an invoice attachment and, BAM!–within 30 minutes, every single file on our Q drive had ‘vvv’ added as file extensions,” Toni Casala, the head of Children in Film, would later recount. What’s more, he said, every single folder had a file that said “help.decrypt,” which included the attacker’s instructions for paying the ransom.
Casala was more fortunate than most ransomware victims since the company’s cloud provider maintained daily backups of the organization’s data. Still, it took nearly a week to restore all of the files that had been held hostage.
The emergence of ransomware as a favored tool of attackers is particularly worrying given the success that cybercriminals have enjoyed with social engineering techniques and phishing. IT now has to factor in the likelihood that attackers will step up their targeting of employees not only to compromise data stored in the cloud, but to also use the cloud to propagate infections on a wider scale.
That was the case with the latest Cerber malware variant, which was created to be marketed to other attackers. Elsewhere, attackers have employed a strain known as Petya, which uses a cloud-hosted payload to contaminate Windows-based PCs.
What Are Your Options?
Some services offer cloud-to-cloud backup solutions that maintain secure, second copies of an organization’s files, including any prior versions. However, even if an organization uses a cloud storage service, that’s no guarantee against accidentally uploading infected files. The challenge of trying to revert to an uncorrupted version is compounded by the fact that many cloud storage services don’t save prior versions.
In the absence of data backups, the only other option the victim has is to pay the ransom. Hardly the preferred choice.
To be sure, ransomware attacks may stoke renewed fears about the wisdom of moving data to the cloud. If ransomware attackers can still grab control over private files that organizations store on cloud services, why bother with the time and expense of a cloud migration?
Here’s where MSPs can bring their experience to bear and calm unnecessary jitters. Their challenge will be to defuse concerns by providing companies with solutions that help defend against ransomware.
MSPs also need to offer perspective: There’s no such thing as absolute cybersecurity. We live in an era where even the National Security Agency is vulnerable to hackers. All the more reason to make sure to stress the basics. As with anything security-related, when it comes to the cloud, organizations will need to adopt a multi-layered approach, including:
- Create daily backups on “clean” devices that don’t get connected to the network. Offline backups offer full control over your data at all times.
- Education initiatives: Train employees to be more diligent about downloading files, especially those of unknown origin–a favorite tactic used by phishers to distribute malware.
- Deploy firewalls and security appliances that filter out malware before it penetrates the network.
- Use spam blockers and filters to separate out phishing attempts on user emails.
- Use anti-virus monitoring and scanning tools that detect the presence of rogue programs. Any effective defense requires monitoring tools that can detect ransomware infections before they have an opportunity to spread throughout a network.
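The file-share pattern in the incident described earlier (one extension appended to every file, the same note file in every folder) is the kind of signal a monitoring tool can alert on before an infection spreads. The sketch below is an added example, not part of the original article: the event format, paths, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

def sample_events():
    """Constructed file-share events: (seconds, operation, old path, new path).
    Paths are invented; '.vvv' and 'help.decrypt' follow the quoted incident."""
    events, t = [], 0
    for d in ("Q:\\casting", "Q:\\invoices", "Q:\\contracts"):
        for name in ("a.docx", "b.xlsx", "c.pdf"):
            t += 20
            events.append((t, "rename", f"{d}\\{name}", f"{d}\\{name}.vvv"))
        t += 5
        events.append((t, "create", None, f"{d}\\help.decrypt"))
    # Benign activity: an ordinary rename and a new file in one folder.
    events.append((t + 60, "rename", "Q:\\hr\\draft.docx", "Q:\\hr\\final.docx"))
    events.append((t + 90, "create", None, "Q:\\hr\\notes.txt"))
    return events

def detect(events, window_s=1800, min_files=5, min_dirs=3):
    """Flag (a) one suffix appended to many files and (b) one new file name
    appearing in many folders, within window_s seconds of its first sighting."""
    appended = defaultdict(list)  # appended suffix -> [(time, folder)]
    dropped = defaultdict(list)   # created file name -> [(time, folder)]
    for ts, op, old, new in events:
        new_p = PureWindowsPath(new)
        if op == "rename":
            old_p = PureWindowsPath(old)
            # "Appended" = old name kept whole, extra suffix added, same folder.
            if new_p.parent == old_p.parent and new_p.name.startswith(old_p.name + "."):
                suffix = new_p.name[len(old_p.name):]
                appended[suffix].append((ts, str(new_p.parent)))
        elif op == "create":
            dropped[new_p.name.lower()].append((ts, str(new_p.parent)))
    alerts = []
    for kind, table, need in (("appended_suffix", appended, min_files),
                              ("repeated_note", dropped, min_dirs)):
        for key, hits in table.items():
            hits.sort()
            recent = [h for h in hits if h[0] - hits[0][0] <= window_s]
            folders = {folder for _, folder in recent}
            if len(recent) >= need and len(folders) >= min_dirs:
                alerts.append((kind, key, len(recent), len(folders)))
    return sorted(alerts)
```

Because the detector keys on the pattern rather than on the literal strings, a different appended extension or note name triggers the same alerts; the thresholds need tuning against normal activity on the share.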
This content is underwritten by VMware — and is editorially independent. It is produced in accordance with conventional standards of business journalism.
Charles Cooper is an award-winning freelance author who writes about business and technology. During his 30-plus year career, he has worked as an executive editor at several leading tech publications including CNET, ZDNet, PC Week and Computer Shopper.