
About the ransomcloud

Ransomcloud is a style of ransomware that attackers use to target cloud systems, such as SaaS platforms, says Arnaud Treps, Chief Information Security Officer at the software company Odaseva.

Attackers typically gain access to a victim’s cloud credentials through phishing techniques, malware installed on a user’s device, API key leaks or other malicious methods. Then they use the cloud service API to export the data and overwrite it with an encrypted version. To obtain the decryption key, victims must pay a ransom. Victims pay to avoid material damage to the company, including business interruption, fines for non-compliance with data security laws that could have prevented the attack, and reputational impact.

Ransomware attackers are opportunists who follow market rules, which means they choose the best balance of effort versus potential revenue. The most at-risk organizations are ones with vulnerabilities like missing security patches or a weakness in multi-factor authentication, and ones that attackers believe are most likely to pay the ransom. This makes it worthwhile to target SaaS applications that support critical business activities, where the victim organization may not have understood the shared responsibility model for cloud security and therefore the measures that need to be put in place.

As large organizations increasingly adopt cloud platforms for critical services, they’ve become a more attractive target for attackers. This is partly due to IT leaders mistakenly believing the cloud vendor is responsible for protecting their organization’s data (according to a recent research report by ESG, 35 per cent of IT leaders rely solely on platforms to back up SaaS data). As a result, they do not take the necessary measures to secure end-user devices, protect cloud login credentials, and/or vet third-party applications, all of which leaves the organization vulnerable to a ransomcloud attack. However, the platforms’ ‘multi-tenant’ infrastructure-level backups do not cover attack scenarios using customer credentials.

But organizations can protect themselves against catastrophic ransomware attacks on their cloud systems. The key word is preparation:

– Prevent the risk by putting safeguards in place, such as strong authentication and an effective backup plan;
– Have the means to quickly detect and block the attack;
– Have the tools to identify the impacted data and implement the recovery plan; and
– Regularly test these mechanisms and processes.
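
As an added illustration of the detection step (this example is not from the article or from any vendor), the sketch below scans API audit events for the pattern described above: one credential bulk-exports an object type and then rewrites most of those records shortly afterwards. The log layout, credential names, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events; the field layout is an assumption, not a real SaaS log schema:
# (timestamp, credential id, API action, object type, records affected)
SAMPLE_EVENTS = [
    ("2024-03-01T08:00:00", "svc-reporting", "export", "Account", 60000),
    ("2024-03-01T09:30:00", "svc-sync", "update", "Account", 300),
    ("2024-03-02T01:10:00", "user-jdoe-token", "export", "Contact", 45000),
    ("2024-03-02T01:40:00", "user-jdoe-token", "update", "Contact", 15000),
    ("2024-03-02T01:55:00", "user-jdoe-token", "update", "Contact", 15000),
    ("2024-03-02T02:10:00", "user-jdoe-token", "update", "Contact", 14000),
    ("2024-03-05T03:00:00", "svc-reporting", "update", "Account", 58000),
]


def find_export_then_overwrite(events, window=timedelta(hours=6),
                               min_records=10000, ratio=0.8):
    """Flag credentials that bulk-export an object type and then rewrite most of it.

    An alert fires when, within `window` of an export of at least `min_records`
    records, the same credential updates at least `ratio` of that many records
    of the same object type. Updates are summed, so an overwrite split into
    many small batches is still caught.
    """
    parsed = sorted((datetime.fromisoformat(ts), cred, action, obj, n)
                    for ts, cred, action, obj, n in events)
    exports = {}                  # (cred, obj) -> (export time, exported count)
    rewritten = defaultdict(int)  # (cred, obj) -> records updated since that export
    alerts = []
    for ts, cred, action, obj, n in parsed:
        key = (cred, obj)
        if action == "export" and n >= min_records:
            exports[key] = (ts, n)
            rewritten[key] = 0
        elif action == "update" and key in exports:
            started, exported = exports[key]
            if ts - started > window:
                del exports[key]          # too late to be tied to that export
                continue
            rewritten[key] += n
            if rewritten[key] >= ratio * exported:
                alerts.append({"credential": cred, "object": obj,
                               "exported": exported, "rewritten": rewritten[key],
                               "first_seen": started, "alerted_at": ts})
                del exports[key]          # one alert per export
    return alerts
```

On the constructed events only `user-jdoe-token` is flagged; the reporting credential's late update falls outside the window, and the sync credential never exported anything.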

