Ransomcloud: a growing threat vector to be taken seriously

coding

It was only a matter of time before ransomware groups got attracted by the gravity of valuable corporate data in the cloud. With new malware tactics they are exploiting cloud-specific vulnerabilities like Log4J to infect and steal corporate cloud data, a trend referred to as ransomcloud. Companies need to strengthen the cyber resiliency of their multicloud environments, enhance their abilities to identify symptoms of attacks, and, if necessary, be able to restore quickly.

Humans have a deep-seated need to name and be named, and researchers have long acknowledged that there is great power in naming things. The fact that with ransomcloud — a new term has arisen to describe this malware phenomenon — is a direct reflection of how relevant this new type of cyber threat has evolved overtime. There is more data in the cloud than ever and it is not a surprise that groups of cyber criminals are motivated to get their hands on this information.

Many organizations are using the cloud today to store key, sensitive, business critical data. Analysts like IDC assume that there will be zettabytes of data stored by 2025. According to IDC, digitally transformed companies use data to develop new and innovative solutions for the future enterprise, and the stronger usage of cloud technologies has contributed to a faster growth of data as well. This growth in use of cloud goes hand-in-hand with a rise in multicloud environments. The Flextra 2022 State of the Cloud report found that 89% of organizations have a multicloud strategy.

It is not hard to see why multicloud solutions are appealing. Being able to mix and match services from public cloud, private cloud, and on-premises providers allows organizations to tailor services and fine-tune them to get the best fit for their needs. With more options to select from, organizations can ensure they get best value for money, and can adopt new services as they become available. Multicloud is also used as a strategy for avoiding vendor lock-in and safeguarding against outages or downtime which might affect one cloud provider but allow an organization to keep working.

These are all significant advantages, but the use of a multicloud strategy is not without challenges and one of these is ensuring data is secure and safe over several different platforms. Thales global 2021 Cloud Security Study found that 83% of organizations encrypt less than half of their sensitive data in multicloud environments.

Ransomware evolves to ransomcloud

With unprotected data in such volume, it is no surprise that bad actors see rich pickings. Where once their focus was primarily on locking organizations out of access to their own data (whether encrypted or not) until they pay a ransom, today there is a growing emphasis on “data exfiltration” – stealing data from an organization.

Once a bad actor has your data, they can do what they like with it, and releasing it onto the dark web unless a ransom is paid is a popular choice. When a company’s list of customers, contracts, or other sensitive data is released there are multiple ripple effects like the rings that appear when a stone is thrown into water, the immediate shock followed by waves of reputational damage, customer retreat, and potential fines for breaching data protection and other compliance rules.

Nearly half (46%) of the respondents to Thales’ survey said managing privacy and data protection in the cloud was more complex than doing so on-premises. It isn’t hard to see how organizations might feel the problem of managing and protecting data is even more acute in a multicloud environment.

Flatten the blast radius of cyberattacks

But it is absolutely vital for organizations to protect themselves from ransomcloud attacks. They should treat their cloud instances as any other data store and maintain a highly secure backup of the data. To do this they need a next-gen data management solution that includes a zero trust security principle at the heart of its architecture – an approach in which no individual and no node is exempt from scrutiny, and where every attempt to access data is checked and authorized – or not authorized.

And detection, enabled by AI, is an important complement to a zero trust approach. It is designed to minimize the risk of data exfiltration with early detection of ransomware attacks by identifying anomalies in the backup data ingested by the platform.

And with zero-trust, encrypting data is a “must have” – why allow the bad actors to execute their exfiltration activity with ease? This means ensuring backups are encrypted and that backups can be restored quickly in the event of any breach occurring.

With a ransomcloud attack entirely capable of paralysing an organisation, there are further mitigations needed that sit alongside a zero trust approach. Encrypting data is a “must have” – why allow the bad actors to execute their exfiltration activity with ease? This means ensuring that backups as well as live data are encrypted and that backups can be restored quickly in the event of any breach occurring via automated rapid recovery. It also means giving data the same treatment wherever it resides – on premise, in a hybrid cloud or in public cloud, and ensuring that any solution integrates with third party applications and solutions being used. 

 

Backups alone are no longer enough to safeguard against ransomware attacks. To stay ahead of the bad actors, an organisation needs to take the three-pronged approach of zero trust, encrypted backup and fast restore via automated rapid recovery. Only this comprehensive and rounded approach to data protection can help an organisation stand up to the latest ransomware scourge of ransomcloud without compromising the ability to cherry-pick the very best fit services in a multi-cloud environment.

Ezat Dayeh

Ezat Dayeh is Senior Systems Engineering Manager, Western Europe at Cohesity.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...