Ransomware is a type of malware that targets corporate businesses, public agencies, or even individuals by means of digital extortion. In general terms, ransomware denies the victim access to their content until a fee (the ‘ransom’) is paid, and promises to restore access subsequently. Ransomware can be categorized into two main classes: strains that encrypt files and deny access to data (crypto ransomware) and strains that incapacitate a device, typically by locking its interface (locker ransomware).
As cloud-based businesses are the lifeline of several organizations, ransomware attackers have made the cloud their target. The Vectra 2019 Spotlight Report on Ransomware finds that the most significant ransomware threat (in which hackers steal your data and hold it for ransom) is malicious encryption of shared network files in cloud service providers. San Jose, California-based Vectra released the report ahead of the Black Hat 2019 security conference in Las Vegas last year.
Cybercriminals’ most effective weapon in a ransomware attack is the network itself, which enables the malicious encryption of shared files on network servers, especially files stored in Infrastructure-as-a-Service (IaaS) cloud providers. Ransomware writers are targeting the organizations that are most likely to pay larger ransoms to regain access to their encrypted files. The costs of downtime due to operational paralysis, inability to recover backed-up data, and reputational damage are particularly catastrophic for organizations that store their data in the cloud.
Ransomware operators today can easily evade network perimeter security and perform internal reconnaissance to locate and encrypt shared network files in the cloud. By encrypting files that are accessed by many business applications across the network, attackers quickly achieve an economy of scale that is far more damaging than encrypting files on individual devices.
Comprehensive user and entity behavior analytics (UEBA) modeling can offer prediction capabilities based on a fundamental understanding of how a user and their peers interact with the different cloud service providers. These dynamically learnt models can be combined with activity monitoring, which surfaces the metadata for every file that is acted upon, enabling customers to detect characteristic ransomware activity signatures and report them in real time.
Most antivirus (AV) products that claim protection against ransomware are entirely signature-based, i.e., they detect threats using a fixed set of static rules and fail to adapt to this rapidly growing threat. While regular security patches and a strong enterprise backup solution are key to protecting corporate data from ransomware, more is needed. The ability to differentiate organic user behavior from machine-generated attacks can be key in countering the strains that get through AV filters and in potentially avoiding further spread inside the organization.
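The behavioral approach described above can be sketched as follows. This is an added example, not code from the Vectra report or any vendor product; the event tuple layout, thresholds, user names, paths and the `.locked` extension are constructed assumptions. It flags a user only when their write/rename rate is abnormal against both their own history and their peers' history and a large share of that activity changes file extensions.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev

WINDOW = 60           # sliding window in seconds (assumed value)
Z_THRESHOLD = 3.0     # standard deviations above baseline (assumed value)
MIN_EXT_RATIO = 0.4   # share of windowed events that change an extension (assumed)

def ext(path):
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def zscore(count, history):
    if not history:                          # no baseline yet: never alert on rate alone
        return 0.0
    return (count - mean(history)) / (pstdev(history) or 1.0)

def detect(events, baseline):
    """events: (ts, user, action, path, new_path) tuples sorted by ts.
    baseline: user -> historical write/rename counts per window."""
    windows, alerts = defaultdict(deque), {}
    for ts, user, action, path, new_path in events:
        if action not in ("write", "rename") or user in alerts:
            continue
        win = windows[user]
        win.append((ts, action, path, new_path))
        while ts - win[0][0] > WINDOW:       # expire events older than the window
            win.popleft()
        peers = [c for u, h in baseline.items() if u != user for c in h]
        own = baseline.get(user) or peers    # new users fall back to the peer baseline
        # Activity must be unusual for this user AND for their peer group.
        z = min(zscore(len(win), own), zscore(len(win), peers))
        changed = sum(1 for _, a, p, n in win if a == "rename" and ext(p) != ext(n))
        if z >= Z_THRESHOLD and changed / len(win) >= MIN_EXT_RATIO:
            alerts[user] = {"ts": ts, "events": len(win), "ext_changes": changed}
    return alerts

def sample_events():
    """Constructed activity log: normal edits, a bulk upload, and a mass rewrite."""
    ev = [(1000 + 10 * i, "alice", "write", f"/share/notes{i}.txt", None) for i in range(3)]
    ev += [(1000 + i, "carol", "write", f"/share/photos/img{i}.jpg", None) for i in range(30)]
    for i in range(20):
        p = f"/share/finance/report{i}.docx"
        ev += [(1000 + 2 * i, "bob", "write", p, None),
               (1001 + 2 * i, "bob", "rename", p, p + ".locked")]
    return sorted(ev, key=lambda e: e[0])

# Constructed per-window history for three peers.
BASELINE = {"alice": [3, 5, 4, 6, 2], "bob": [4, 4, 5, 3, 6], "carol": [5, 3, 4, 4, 6]}

if __name__ == "__main__":
    print(detect(sample_events(), BASELINE))
```

In the constructed log, carol's bulk upload is as fast as bob's activity but changes no extensions, so only bob is flagged. A production detector would combine this with further signals, such as the entropy of written content.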
By researching and understanding the telltale signs of ransomware, organizations can develop advanced detection algorithms that alert customers early to ransomware attacks on their cloud-based file sharing systems, mitigating potential loss.