
Ransomcloud Attacks: What to Know About Cloud Ransomware


If businesses intend to store sensitive data online, they must protect it from cloud ransomware attacks.

Many businesses have good reason to invest in cloud-based technology and storage solutions — they’re cost-effective, scalable, and benefit remote working environments in a post-COVID world. Unfortunately, as 50% of organizations plan to store sensitive data online, the cloud has become a lucrative target for cyber criminals. Data security specialists can expect cloud ransomware, or “ransomcloud,” to become an increasingly prevalent threat to businesses large and small.

If we hope to address cloud ransomware, we must identify its methods of attack and adapt our security plans accordingly. So let’s take a closer look at the state of ransomcloud attacks.


What Is Cloud Ransomware?

Cloud ransomware is a ransomware attack that targets data stored in cloud-based data stores. The cloud can be a lucrative source of sensitive data for malicious actors, encompassing personally identifiable information like financials, addresses, and social security numbers. Once a data breach occurs, the ransomware either extracts or encrypts data that attackers can use as leverage against the host organization, often by demanding a cryptocurrency payment to restore the system. As organizations transfer data from on-prem storage to some combination of a public cloud or SaaS platform — which 43% of small-to-midsize-businesses (SMBs) are doing — they increase the number of vulnerabilities where ransomware might enter the system.

Outside of the immediate impact of data loss and encryption, cloud ransomware can prompt countless downstream effects for customers and clients. Take the case of payroll provider Kronos, which suffered a ransomware attack that disrupted cloud operations and prevented companies from delivering payments. This attack ultimately disrupted HR operations at major companies like Honda, GameStop, Whole Foods, and many others.

The good news is most ransomcloud attacks don’t reinvent the wheel — they act as extensions of existing malware threats that make their way into cloud storage. Unfortunately, as remote and at-home workplaces become more common, securing every possible endpoint against ransomware becomes more challenging.

There are a few ways for cloud ransomware to compromise a cloud system.

  1. A standard ransomware attack compromises a local device and syncs files automatically with a connected cloud storage solution. This is the most common ransomcloud method that malicious actors use to access a system.
  2. Cyber criminals can also gain access by phishing individual users, then extracting or encrypting any cloud data from available permissions.
  3. Finally, a ransomcloud attack can target a specific cloud provider directly, looking for security vulnerabilities or brute-forcing a password login.
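
The first path above leaves a recognizable trace in sync traffic: one device rewriting many files with near-random content in a short time. The following Python is an added example, not code from this article or from Symmetry Systems; the event tuple format, thresholds, device names and sample feed are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

ENTROPY_HIGH = 7.5   # bits/byte; encrypted output sits close to 8.0
ENTROPY_JUMP = 2.0   # minimum rise over the previous version of the file
WINDOW_SECS = 60     # sliding window per device
BURST_FILES = 5      # distinct suspicious overwrites in the window before alerting

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    # Requiring a jump avoids flagging files that were already compressed (zip, jpg).
    h = entropy(after)
    return h >= ENTROPY_HIGH and h - entropy(before) >= ENTROPY_JUMP

def devices_to_pause(events):
    """events: iterable of (ts, device, path, before, after), ordered by ts.
    Returns the set of devices whose pending uploads should be held."""
    recent = defaultdict(deque)   # device -> deque of (ts, path)
    flagged = set()
    for ts, device, path, before, after in events:
        if not looks_encrypted(before, after):
            continue
        q = recent[device]
        q.append((ts, path))
        while q and ts - q[0][0] > WINDOW_SECS:
            q.popleft()           # drop overwrites that fell out of the window
        if len({p for _, p in q}) >= BURST_FILES:
            flagged.add(device)
    return flagged

def _random_like(seed: bytes, size: int = 2048) -> bytes:
    # Constructed stand-in for ciphertext: concatenated SHA-256 digests.
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(size // 32))

# Constructed sample feed: laptop-17 rewrites 6 ledgers in 10 s; laptop-04 saves one normal edit.
DOC = b"2021-12-01,payroll,4500.00,posted\n" * 60
SAMPLE = [(1000 + 2 * i, "laptop-17", f"/Finance/ledger_{i}.csv", DOC,
           _random_like(f"r{i}".encode())) for i in range(6)]
SAMPLE.append((1005, "laptop-04", "/HR/notes.txt", DOC, DOC + b"one more line\n"))
SAMPLE.sort(key=lambda e: e[0])

if __name__ == "__main__":
    print(devices_to_pause(SAMPLE))
```

Holding uploads for a flagged device keeps the cloud copies, and every other machine that syncs them, at the last good version while the device is investigated.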

Examples of cloud ransomware

Before the cloud emerged, ransomware like CryptoLocker spread by detecting and infecting any connected local and network drives. Today, ransomware designers produce variants that bypass cloud protections or piggyback file syncs to reach as many systems as possible. Here are a few examples:

  • Jigsaw: The original Jigsaw ransomware was created in 2016 in association with an email phishing scheme. A new Jigsaw variant, however, seeks out files on OneDrive storage. After encrypting these files, OneDrive automatically syncs them with local and network drives, potentially infecting entire organizations in a single stroke.
  • Petya: Where Jigsaw targets cloud storage, Petya leverages cloud infrastructure to infect local systems. This cloud ransomware was first detected as part of a phishing email campaign with a job application Dropbox link. Instead of a resume, users downloaded a self-extracting executable that infected local systems.
  • RANSOM_CERBER.cad: This ransomware variant targets individuals and businesses running Microsoft’s cloud platform, 365. RANSOM_CERBER.cad spreads through malicious macros within Office documents, downloading the ransomware while bypassing Microsoft’s usual protections.

How can businesses defend against cloud ransomware?

Once a ransomware attack succeeds, most businesses have few options for recourse. Solutions are costly and frequently time-consuming to implement. Therefore, the best defense against cloud ransomware is to take measures which can prevent the attack from occurring in the first place.

  • Encrypt data: One way to protect sensitive data stored on the cloud is to encrypt files in advance. Statistically speaking, encryption is not consistently enforced — one report revealed that 83% of businesses do not encrypt at least half of their data. Reasons for this vary, though it often comes down to weighing cost and practicality. It may simply be deemed not worth the resources to encrypt non-sensitive data; but cloud data should be considered sensitive, and therefore deserves encryption. Look specifically for encryption solutions that manage data stored in the cloud or during transit.
  • Secure endpoints: According to the ITRC, unsecured cloud databases were primarily responsible for a 32% increase in data compromise victims in Q3 2021. That’s why it’s vital to protect every endpoint on your network. In 2022, that includes mobile devices alongside traditional computers and laptops — especially when many consumer smartphones collect and store payment data.
  • Keep multiple backups: In most cases, data specialists cannot repair data once it’s encrypted by ransomware. For that reason, businesses should maintain backups of cloud data to restore systems and resume services as soon as possible. Make sure to store copies of these backups locally and on the cloud — that way, you have alternatives if ransomware renders one of your systems inaccessible.

How Symmetry Systems protects against cloud ransomware

While data backups and employee education are excellent best practices, businesses dealing with particularly sensitive data may need to go a step further. That’s where Symmetry Systems’ hybrid cloud data security platform, DataGuard, comes into play. DataGuard analyzes your cloud in a sealed, read-only state to construct a comprehensive risk graph of all principals within the system.

With real-time visualization, businesses gain a detailed risk assessment of all data stores, right down to the object store level. More importantly, DataGuard will alert data specialists and infrastructure engineers about threats during operations using pre-assigned data firewall rules so they can be resolved quickly and efficiently.

Symmetry Systems is the first company to offer a hybrid multi-cloud data security platform. Its expertise makes DataGuard one of the most effective data security solutions for organizations. DataGuard can tell you where your sensitive data is, who has access to it, and how it’s being used. If you’d like to get a custom risk map of your organization, we would be delighted to set you up with a demo and outline how straightforward the install is.