Ransomcloud: a growing threat vector to be taken seriously

It was only a matter of time before ransomware groups got attracted by the gravity of valuable corporate data in the cloud. With new malware tactics they are exploiting cloud-specific vulnerabilities like Log4J to infect and steal corporate cloud data, a trend referred to as ransomcloud. Companies need to strengthen the cyber resiliency of their multicloud environments, enhance their abilities to identify symptoms of attacks, and, if necessary, be able to restore quickly.

Humans have a deep-seated need to name and be named, and researchers have long acknowledged that there is great power in naming things. The fact that with ransomcloud — a new term has arisen to describe this malware phenomenon — is a direct reflection of how relevant this new type of cyber threat has evolved overtime. There is more data in the cloud than ever and it is not a surprise that groups of cyber criminals are motivated to get their hands on this information.

Many organizations are using the cloud today to store key, sensitive, business critical data. Analysts like IDC assume that there will be zettabytes of data stored by 2025. According to IDC, digitally transformed companies use data to develop new and innovative solutions for the future enterprise, and the stronger usage of cloud technologies has contributed to a faster growth of data as well. This growth in use of cloud goes hand-in-hand with a rise in multicloud environments. The Flextra 2022 State of the Cloud report found that 89% of organizations have a multicloud strategy.

It is not hard to see why multicloud solutions are appealing. Being able to mix and match services from public cloud, private cloud, and on-premises providers allows organizations to tailor services and fine-tune them to get the best fit for their needs. With more options to select from, organizations can ensure they get best value for money, and can adopt new services as they become available. Multicloud is also used as a strategy for avoiding vendor lock-in and safeguarding against outages or downtime which might affect one cloud provider but allow an organization to keep working.

These are all significant advantages, but the use of a multicloud strategy is not without challenges and one of these is ensuring data is secure and safe over several different platforms. Thales global 2021 Cloud Security Study found that 83% of organizations encrypt less than half of their sensitive data in multicloud environments.

Ransomware evolves to ransomcloud

With unprotected data in such volume, it is no surprise that bad actors see rich pickings. Where once their focus was primarily on locking organizations out of access to their own data (whether encrypted or not) until they pay a ransom, today there is a growing emphasis on “data exfiltration” – stealing data from an organization.

Once a bad actor has your data, they can do what they like with it, and releasing it onto the dark web unless a ransom is paid is a popular choice. When a company’s list of customers, contracts, or other sensitive data is released there are multiple ripple effects like the rings that appear when a stone is thrown into water, the immediate shock followed by waves of reputational damage, customer retreat, and potential fines for breaching data protection and other compliance rules.

Nearly half (46%) of the respondents to Thales’ survey said managing privacy and data protection in the cloud was more complex than doing so on-premises. It isn’t hard to see how organizations might feel the problem of managing and protecting data is even more acute in a multicloud environment.

Flatten the blast radius of cyberattacks

But it is absolutely vital for organizations to protect themselves from ransomcloud attacks. They should treat their cloud instances as any other data store and maintain a highly secure backup of the data. To do this they need a next-gen data management solution that includes a zero trust security principle at the heart of its architecture – an approach in which no individual and no node is exempt from scrutiny, and where every attempt to access data is checked and authorized – or not authorized.

And detection, enabled by AI, is an important complement to a zero trust approach. It is designed to minimize the risk of data exfiltration with early detection of ransomware attacks by identifying anomalies in the backup data ingested by the platform.

And with zero-trust, encrypting data is a “must have” – why allow the bad actors to execute their exfiltration activity with ease? This means ensuring backups are encrypted and that backups can be restored quickly in the event of any breach occurring.

With a ransomcloud attack entirely capable of paralysing an organisation, there are further mitigations needed that sit alongside a zero trust approach. Encrypting data is a “must have” – why allow the bad actors to execute their exfiltration activity with ease? This means ensuring that backups as well as live data are encrypted and that backups can be restored quickly in the event of any breach occurring via automated rapid recovery. It also means giving data the same treatment wherever it resides – on premise, in a hybrid cloud or in public cloud, and ensuring that any solution integrates with third party applications and solutions being used. 

 

Backups alone are no longer enough to safeguard against ransomware attacks. To stay ahead of the bad actors, an organisation needs to take the three-pronged approach of zero trust, encrypted backup and fast restore via automated rapid recovery. Only this comprehensive and rounded approach to data protection can help an organisation stand up to the latest ransomware scourge of ransomcloud without compromising the ability to cherry-pick the very best fit services in a multi-cloud environment.