Ransomware Cloud Attack
#Ransomware has become one of the most disturbing #cybersecurity threats in recent years. Attacks like NotPetya, WannaCry, and Cerber have affected hundreds of thousands of companies and individuals globally.
The danger of ransomware
Ransomware is the general term for a class of malware that encrypts or locks the data on a victim's systems and then demands payment, usually in cryptocurrency, for the key or tool needed to restore access to that data.
According to a report by the US Department of Justice, the number of ransomware attacks has quadrupled in the last three years. One of the biggest dangers posed by ransomware attacks is their expense for victims: the damage costs of these attacks are predicted to reach as high as $11.5 billion. These costs include not only payments demanded by hackers but also losses related to other factors, including:
The first ransomware families used weak or home-grown encryption, or left the key on the infected machine, so analysts could often reverse the scheme and recover the data without paying. Modern families use standard, strong ciphers with keys held only by the attacker, so decryption without the key is generally infeasible and defence has shifted to prevention, early detection and backups.
There are several common methods for spreading ransomware, including malicious email attachments, compromised websites, and trojanised software. Early attacks relied on some kind of user interaction: a victim had to open an infected attachment or visit a compromised website. Today, attackers also gain a foothold without any user action, for instance by brute-forcing or buying credentials for Remote Desktop Protocol (RDP) services exposed to the Internet, or by exploiting vulnerabilities in RDP and other exposed services.
Why is the #cloud so attractive for hackers?
Contrary to common belief, cloud environments are just as exposed to ransomware as on-premises PCs and servers. What differs are the ways you can discover, respond to, and prevent these attacks on cloud services.
There are several reasons why #hackers may switch their focus to cloud-based systems in the near future.
Large amounts of data – Cloud computing companies host enormous amounts of client data, thus inevitably attracting the attention of cybercriminals. Plus, some cloud service providers run photo libraries or provide email services. The more data attackers can get access to, the larger the ransom they can demand in exchange for that data.
Faster transmission – Cloud-based systems can be used as a channel for spreading a ransomware attack, just like infected emails and compromised websites. All that attackers need to do is upload an infected file to the cloud and share it with other users.
Lots of sensitive data – The sensitivity of data stored in the cloud by both enterprises and individual customers also plays a significant role in drawing attackers' attention to cloud computing businesses. More and more people are deciding to keep their valuable information in the cloud, relying on its presumably high security. While big players in the market – such as Google, Amazon, Microsoft, and IBM – have enough resources to hire additional expert teams to boost their digital security, smaller businesses have limited resources and therefore are likely to be more vulnerable to ransomware attacks.
How ransomware infects the cloud
Cloud-based systems are infected with ransomware through much the same channels as on-premises systems: phishing, trojanised software, and compromised websites. The delivery mechanisms are the same too: Office documents carrying malicious macros, JavaScript exploits and droppers, PDF exploits, Linux malware aimed at cloud hosts, and backdoors left behind by an earlier intrusion.
When attackers obtain privileged access to a cloud service provider's own infrastructure (its management plane or storage back end), a single attack can affect every customer of that service. In that case the consequences are disastrous for the provider, because all customers' data can be encrypted at once.
In other cases, ransomware enters a cloud service through a legitimate account: either a malicious insider, or an external attacker who has obtained a user's credentials through phishing or other social engineering. Whoever controls the account can upload an infected file and distribute it by sharing it with other legitimate users, who see a document shared by a colleague rather than an attachment from a stranger.
This method of infecting cloud platforms is very common. For instance, in 2016 a large-scale attack on the Microsoft Office 365 cloud service was carried out with ransomware called Cerber. The attacker uploaded and shared a decoy document containing malicious macro code; when recipients opened it and enabled the macro, it downloaded the Cerber malware to their machines.
There are many other cases in which attackers have used cloud-based systems as a channel for spreading ransomware. Cloud service providers should inspect what is uploaded and shared on their platforms, for instance by flagging macro-enabled documents and executables, so that the platform itself does not become a distribution channel.
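To make the upload-inspection point concrete, here is an added example (not code from the original article, and not any provider's own scanner) of a first-pass check a file-sharing service could run at upload time. An OOXML document is a ZIP package, so it can be opened without Office and searched for a VBA project (`vbaProject.bin`), a macro-enabled content type, and external relationships such as a remote template fetched over HTTP when the document is opened. The sample documents are constructed in memory; the part names and content types are the ones defined by the OOXML format, while the size cap and the verdict format are assumptions of this example.

```python
"""Inspect uploaded Office documents for macros and remote templates.

Added example, not code from the original article. First-pass check for an
upload gateway: open the OOXML container (a ZIP archive) without Office and
look for VBA parts, macro-enabled content types and external relationships.
Sample documents are constructed in memory; no real files are read.
"""
import io
import re
import zipfile

# Content types Office assigns to macro-enabled documents (Word, Excel, PowerPoint).
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-excel.template.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)
# Archive members that carry VBA or legacy XLM macro code.
MACRO_PART_MARKERS = ("vbaproject.bin", "vbadata.xml", "macrosheets/")
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # assumed cap: refuse to inflate oversized parts (zip-bomb guard)

_REL_RE = re.compile(r"<Relationship\b[^>]*>")
_ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def inspect_ooxml(data: bytes) -> dict:
    """Return a verdict dict for one uploaded file (format is an assumption of this example)."""
    verdict = {"is_ooxml": False, "macro_parts": [], "macro_content_types": [],
               "external_targets": [], "suspicious": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return verdict  # not a ZIP: legacy .doc/.xls (OLE2) need a different parser
    names = zf.namelist()
    if "[Content_Types].xml" not in names:
        return verdict  # a ZIP, but not an OOXML package
    verdict["is_ooxml"] = True

    def read_text(member: str) -> str:
        if zf.getinfo(member).file_size > MAX_MEMBER_BYTES:
            return ""
        return zf.read(member).decode("utf-8", "replace")

    # 1. Macro code stored as a package part (a .docm renamed to .docx still carries it).
    verdict["macro_parts"] = [n for n in names if any(m in n.lower() for m in MACRO_PART_MARKERS)]
    # 2. Content types declaring the main part as macro-enabled.
    content_types = read_text("[Content_Types].xml")
    verdict["macro_content_types"] = [ct for ct in MACRO_CONTENT_TYPES if ct in content_types]
    # 3. External relationships: remote templates or objects fetched over HTTP on open.
    for name in names:
        if not name.lower().endswith(".rels"):
            continue
        for rel in _REL_RE.finditer(read_text(name)):
            attrs = dict(_ATTR_RE.findall(rel.group(0)))
            target = attrs.get("Target", "")
            if attrs.get("TargetMode") == "External" and target.lower().startswith(("http://", "https://")):
                verdict["external_targets"].append(target)

    verdict["suspicious"] = bool(verdict["macro_parts"] or verdict["macro_content_types"]
                                 or verdict["external_targets"])
    return verdict


def build_sample_docx(macro: bool = False, remote_template: str = "") -> bytes:
    """Construct a minimal OOXML package in memory (sample input for the demo, not a real document)."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if macro else
               "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    content_types = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/></Types>')
    rels = '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    if remote_template:
        rels += ('<Relationship Id="rId9" Type="http://schemas.openxmlformats.org/officeDocument/2006/'
                 f'relationships/attachedTemplate" Target="{remote_template}" TargetMode="External"/>')
    rels += "</Relationships>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
        if macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)  # OLE header stub
    return buf.getvalue()


if __name__ == "__main__":
    samples = (("clean", build_sample_docx()),
               ("macro", build_sample_docx(macro=True)),
               ("remote template", build_sample_docx(remote_template="http://template.example/x.dotm")))
    for label, doc in samples:
        print(label, inspect_ooxml(doc))
```

The check looks at the container, not the file extension, so renaming a `.docm` to `.docx` does not evade it. It is deliberately only a triage step: a flagged file should be handed to a full analyser such as oletools' olevba for the macro source, and legacy binary formats (`.doc`, `.xls`) are OLE2 containers that this ZIP-based check cannot parse at all.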
Protecting the cloud from ransomware
Since there is an increasing number of ransomware attacks in the cloud, you should stay one step ahead of cyber attackers and be ready to withstand this new type of cybersecurity threat.
But how can you protect your cloud-based systems from ransomware? Below, we list several approaches that may help you detect an attack or even prevent it from happening and defend your cloud-based system against ransomware.
Regular scanning – Scan your whole environment for vulnerabilities and run penetration tests regularly, so that exposed components are patched or reconfigured before a new exploit reaches them. Keep an inventory of the third-party applications integrated into your cloud environment, the permissions each one has been granted, and the data each one can read or modify.
Multi-layered protection – Combine signature-based antivirus with heuristic analysis for files stored in and passing through the cloud. No single engine catches everything; layering them raises the chance of detecting a novel strain.
Intrusion detection and prevention – Deploy intrusion detection and prevention systems (network- and host-based) to monitor your systems continuously. They can flag likely threats and block them before they spread.
Behaviour analysis – Behaviour-based tools detect ransomware early by watching for traits shared by most families rather than for one specific sample: suspicious setup steps followed by bulk encryption. Typical signals include changes to audit or logging policy, deletion of backups or volume shadow copies, connections to domains or IP addresses with a bad reputation, and data leaving through a covert channel.
Sandboxing – Detonate untrusted uploads and third-party integrations in a sandbox and record their behaviour in isolation. What a malicious file tried to do there (files touched, processes spawned, hosts contacted) tells you how it would have affected your system.
Proactive alerting – Alert immediately on suspicious user or application activity. Even when the already-infected part of the system cannot be saved, an early alert lets you stop the attack from spreading further across the cloud.
File integrity monitoring – File integrity monitoring tools detect mass modification of files (many overwrites or renames to unfamiliar extensions in a short time) and can block the process or account making the changes.
Backups – Keep versioned backups that a compromised account cannot delete or overwrite (offline or immutable copies), and test restoring from them; a backup the attacker can also encrypt is not a backup.
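The behaviour analysis and file integrity monitoring items above describe the same detection idea from two sides: not a signature for one sample, but the pattern of many files being overwritten with ciphertext, renamed to an unknown extension, and a ransom note appearing, all from one account in a short window. Here is an added example (not code from the original article or from any product) that implements that logic over a stream of file events such as a cloud storage audit log would produce. The event format, the thresholds, the list of "known" extensions and the ransom-note name hints are assumptions of this example, and the event streams are constructed for the demonstration.

```python
"""Flag ransomware-like file activity from a stream of file events.

Added example, not code from the original article. Scores each principal
on three behavioural traits inside a sliding window: overwrites with
high-entropy (ciphertext-like) content, renames to an unfamiliar extension,
and creation of ransom-note-like files. Event format, thresholds and the
sample streams are assumptions made for this demonstration.
"""
import math
import random
from collections import defaultdict, deque

WINDOW_SECONDS = 60          # sliding window per principal (assumed)
ENTROPY_THRESHOLD = 7.0      # bits/byte; ciphertext approaches 8.0, plain text sits around 4-5
ALERT_SCORE = 8              # indicators needed inside one window before alerting (assumed)
# Extensions the tenant normally holds (assumed for the demo); a rename to anything else counts.
KNOWN_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "txt", "csv", "png", "jpg", "zip"}
# Substrings typical of ransom-note file names (illustrative list, not exhaustive).
RANSOM_NOTE_HINTS = ("decrypt", "restore", "recover", "ransom", "how_to")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed output is close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extension(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def indicators(event: dict) -> list:
    """Map one file event (ts, user, op, path, data/new_path) to zero or more indicators."""
    found = []
    op = event["op"]
    if op == "write" and shannon_entropy(event["data"]) >= ENTROPY_THRESHOLD:
        found.append("high_entropy_write")
    if op == "rename" and extension(event["new_path"]) not in KNOWN_EXTENSIONS:
        found.append("unknown_extension")
    if op in ("create", "write"):
        name = event["path"].rsplit("/", 1)[-1].lower()
        if any(hint in name for hint in RANSOM_NOTE_HINTS):
            found.append("ransom_note")
    return found


class RansomwareDetector:
    def __init__(self, window: int = WINDOW_SECONDS, alert_score: int = ALERT_SCORE):
        self.window = window
        self.alert_score = alert_score
        self._recent = defaultdict(deque)  # principal -> deque of (timestamp, indicator)

    def observe(self, event: dict):
        """Feed one event; return an alert dict once the principal crosses the threshold, else None."""
        user, ts = event["user"], event["ts"]
        q = self._recent[user]
        for ind in indicators(event):
            q.append((ts, ind))
        while q and ts - q[0][0] > self.window:   # drop indicators outside the window
            q.popleft()
        kinds = {ind for _, ind in q}
        # Require volume and more than one trait, so a user bulk-uploading
        # legitimately encrypted archives (one trait only) does not page anyone.
        if len(q) >= self.alert_score and len(kinds) >= 2:
            return {"user": user, "ts": ts, "score": len(q), "indicators": sorted(kinds)}
        return None


def simulated_events(user: str, malicious: bool, start_ts: int = 1000) -> list:
    """Constructed event stream: normal document edits, or encrypt-rename-note behaviour."""
    rng = random.Random(1)
    events = []
    for i in range(10):
        path = f"/shared/finance/report_{i}.docx"
        ts = start_ts + i * 2
        if malicious:
            payload = bytes(rng.getrandbits(8) for _ in range(2048))  # ciphertext-like content
            events.append({"ts": ts, "user": user, "op": "write", "path": path, "data": payload})
            events.append({"ts": ts + 1, "user": user, "op": "rename", "path": path,
                           "new_path": path + ".locked"})
        else:
            payload = (f"Quarterly report {i}: revenue and expenses summary.\n" * 40).encode()
            events.append({"ts": ts, "user": user, "op": "write", "path": path, "data": payload})
    if malicious:
        events.append({"ts": start_ts + 30, "user": user, "op": "create",
                       "path": "/shared/finance/HOW_TO_RESTORE_FILES.txt"})
    return events


def scan_events(events: list) -> list:
    """Run the detector over a stream and collect every alert it raises."""
    detector = RansomwareDetector()
    alerts = []
    for event in events:
        alert = detector.observe(event)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    print("normal user alerts:", scan_events(simulated_events("alice", malicious=False)))
    first = scan_events(simulated_events("mallory", malicious=True))[0]
    print("first alert:", first)
```

The first alert for the malicious stream fires on the fourth file's rename, eight indicators in, long before all ten files are touched; that early alert is what lets you suspend the account or revoke the sharing link while most of the data is still intact. In object storage a "rename" is really a copy plus delete, and content entropy is only available where the service can read the uploaded bytes, so map the event fields to what your provider's audit log actually exposes rather than to this demo's shape.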
Conclusion
Cloud computing businesses are not immune to ransomware. Protecting your cloud-based systems and services from ransomware should be taken just as seriously as traditional on-premises defence. A multi-layered security strategy that includes regular scans, monitoring, audits, and backups is essential for ensuring the protection of your cloud services.