Best Practices for Protecting Against Cloud Ransomware
“This affects me a lot—I am furiously sorry…I do not expect any customers to be left with us when this is over.”
These were the translated words of AzeroCloud and CloudNordic director Martin Haslund Johansson after the two Danish cloud hosting firms suffered a devastating cloud ransomware attack.
On August 18, 2023, cybercriminals shut down the firms’ systems, websites, and email. They also succeeded in encrypting the servers’ disks and two backup systems, crashing the machines and removing access to all company and client data.
The attack left hundreds of Danish companies unable to access everything they stored in their cloud servers—websites, email inboxes, customer systems, customer data, and more.
As heartbreaking as it is, this is a cautionary tale for every modern business. Highly scalable, cost-efficient, and convenient,
cloud environments have become a popular option for companies—and, unfortunately, a more enticing target for ransomware attacks.
Read More:
Cloud Security Tips That Could Save Your Business
What is Cloud Ransomware? And How Does It Happen?
Leading firewall provider SonicWall defines cloud ransomware attacks as events where cyber criminals access your accounts and network, install ransomware applications that encrypt cloud data, and demand a ransom to release the encryption. They also threaten to expose your data if you refuse to pay up.
There are many ways a cloud ransomware can infiltrate your network, but the three main types of attacks are:
Ransomware-Infected File-Sharing Services
According to data storage company Seagate, this attack originates from an infected end-user device, which transmits malware to a cloud-synced file-sharing service that users can access freely. The malware then encrypts the files stored on users' machines.
RansomCloud
Network security solutions provider WatchGuard defines ransomcloud as attacks targeting the data, email communications, and applications organizations store in their cloud environments. Cybercriminals use phishing techniques to access a user’s cloud resources, encrypt the data or services, and hold them hostage until the victim pays the ransom.
Cloud Vendor-Targeted Ransomware
Rather than targeting organizations that contract with cloud service providers (CSPs), this attack targets the CSPs themselves. It aims to infiltrate the CSP’s systems by breaching one of its employees’ accounts. Once the attackers are in, they encrypt data across the entire cloud infrastructure and hold on to it until the CSP pays the ransom.
As the AzeroCloud-CloudNordic incident proves, cloud vendor-targeted ransomware attacks are the most damaging because they can compromise an entire platform, cause widespread disruption, and affect thousands of users.
Read More:
Signs and Symptoms of a Ransomware Attack
How to Prevent Ransomware from Infiltrating Your Cloud Environment
According to The State of Ransomware 2023 report, 84% of private organizations hit with ransomware experienced a loss of business or revenue. Falling victim to a cyberattack can ruin everything you worked so hard to build, which is why keeping your systems secure is critical.
Here are three cloud security best practices according to the biggest cloud providers in the industry:
Google Cloud: Control Access to Your Resources and Data
As your business moves workloads beyond your local (on-premises) network, you must manage and secure workload access across all the environments that host your resources and data. To do that, Google Cloud advises organizations to take the following steps:
- Set Up Zero Trust Security. The zero trust approach assumes all users are hostile. It requires you to “never trust and always verify” anyone trying to access your cloud environments—including those already inside your perimeter. When users attempt to access your resources and data, zero trust security considers their identity and context before authentication.
- Configure Least Privilege. Users should only have the bare minimum access rights required to perform their work. Limiting what they can and cannot access within your cloud environment helps you restrict sensitive information to authorized users.
- Implement Multifactor Authentication (MFA). MFA requires a user to present two or more factors to an authentication mechanism before accessing any resource. These factors typically include a password or passcode and a biometric factor (like a fingerprint) or a possessive factor (like a security token).
Read More:
Trusting No One Can Be Your Best Cybersecurity Move
Microsoft Azure: Prioritize Mitigation
When it comes to cloud ransomware attacks, Microsoft Azure recommends implementing the following prioritization order:
- Prepare
- Limit
- Prevent
While most organizations want to prevent all attacks first, Microsoft Azure explains that ransomware incidents are highly likely to lead to a worst-case scenario, so it’s critical to assume a breach and focus on reliably mitigating the damage it can cause. This is a key principle of Zero Trust Security, which Google Cloud highly recommends.
Prepare for the worst. Limit the resources attackers can access by establishing frameworks that contain and prevent their reach. Lastly, block attackers from entering your cloud environment by strengthening security controls and using the latest
intrusion detection and prevention systems.
Read More:
Is Your IT Team Helping You Prepare for Disaster Recovery?
AWS: Security Is a Shared Responsibility
One of the biggest challenges organizations face regarding cloud security is figuring out what they’re responsible for and what they’re not. Amazon Web Services (AWS) addresses this through its Shared Responsibility Model. The model clearly defines what AWS (the cloud provider) and the customer (your organization) are responsible for regarding security and compliance.
As a rule of thumb, AWS takes care of the security of the cloud, while the clients take care of the security in the cloud:
- AWS’ Responsibility: Security of the Cloud
AWS is responsible for protecting the infrastructure that runs all of its services. They operate, manage, and control the components involved in the hardware, software, networking, and facilities that run AWS cloud services.
- Client’s Responsibility: Security in the Cloud
Your responsibility depends on the AWS services you use for your business and the configuration required to secure those services. Clients are responsible for managing the guest operating system, securing and encrypting their data, classifying their assets, configuring security controls, and setting the appropriate permissions.
The Shared Responsibility Model aims to promote accountability, ease the clients’ operational burden, and prevent cybersecurity vulnerabilities by helping organizations cover their bases.
If your business has data stored in a cloud-hosted environment, and you’re unsure what role your organization plays in cloud security and compliance, you may want to bring that matter up with your IT staff. For more network security advice, contact trusted cloud technology experts like
ER Tech Pros and get valuable, experience-backed insight.
Experience Industry-Leading Cloud Ransomware Prevention
The lack of cloud ransomware protection in growing businesses carries a steep price tag and may come at the expense of your entire business. Never let your guard down.
Equip your business with the latest cybersecurity technology, proven strategies, and highly trained security specialists. Not sure where to start?
ER Tech Pros has the tools, techniques, and teams that help fortify networks and safeguard business continuity.
Stay one step ahead of cyber threats with our comprehensive cloud ransomware protection service.
Search Articles
Healthcare & Tech Articles
