Cloud service providers (CSPs) can offer a variety of potential benefits to users, including ease of scalability and the ability to access data from remote working environments. This means CSPs are storing more and more of their customers’ sensitive information, which makes them an attractive target for cyber-criminals. In this BlogBytes article we will explore the cyber threats and ‘ransomcloud’ attacks against CSP storage platforms and actions that can be taken to help protect both the organization and its sensitive client data.
RANSOMCLOUD IS A PRIME TARGET
As described in this article, ransomcloud is a ransomware attack that targets cloud service providers’ systems, data and clients. The article notes, “In its State of the Cloud 2021 survey of 750 cloud decision makers, [it was] found that at least 50% of cloud-using organizations plan to store sensitive data, including consumer and financial data, at least partly on public cloud services in [the] future.” With more and more data being stored in the cloud, cybercriminals are targeting these environments to hold cloud data for ransom and as a means to make backdoor attacks on cloud client systems.
VICTIMS OF ATTACK
Another article, summarizing some of the biggest cyberattacks in 2021, describes how a prominent firm that manages IT infrastructure for major companies worldwide suffered a cyberattack. “[The hackers] sent out a fake software update through the [victim’s] Virtual System Administrator, which infiltrated … around 50 of their clients and around 1000 businesses in total.” One supermarket chain had to close 800 stores for a week. Fortunately, the FBI was able to gain access to encryption keys to resolve the attack.
Elsewhere in the same piece, the author describes how a ransomware attack on one of the world’s largest meat producers took place: “… it was confirmed that [the firm] paid the $11 million [bitcoin] ransom demand after consulting with cybersecurity experts.”
And finally, the same piece describes the hacking attack on a popular videogame development firm in Europe: “The hacker group accessed source code to game projects in development and encrypted devices. However, the [firm] refused to pay the ransom money, and had backups in place to restore the lost data.”
PLAN – PREVENT – PROTECT
Whether you are a CSP or a cloud client, taking steps to plan, prevent, and protect against a cyberattack is essential. As noted above, the videogame developer had secure backups to recover data that was being held for ransom, but sadly not every firm is quite so well prepared. A secure, inaccessible data backup should be part of a modern, resilient data protection plan. CSPs and individual firms should take steps to prevent or limit the damage of a cyberattack, including:
- Back up data offline – LTO tape data is inherently offline. When an LTO tape is removed from the drive it is offline, and an air gap is created between the data and the system, preventing cyber access. The CSP and client should back up data offline to meet recovery point objectives. Back up sensitive data locally offline with LTO tape, which can be used to restore quickly and to diminish the large egress charges that can occur with hefty cloud data transfers.
- Avoid storing sensitive information in the cloud – keep the most sensitive information stored locally on LTO tape.
- Encrypt data in the cloud and locally – LTO technology supports tape drive encryption.
- Educate employees – make sure passwords meet strong standards and employees are aware of phishing and other security risks.
- Keep antivirus software up to date – make sure to regularly update and monitor antivirus systems.
- Test security measures – test the recovery and restore processes regularly to meet restore time objectives.
To help stop the spread of cyber warfare throughout a CSP’s client ecosystem, the CSP could also advise and assist clients with the resiliency practices outlined above, segregate backup domains to maintain distance between client data, and establish ‘clean rooms’ to restore infected data in a completely disconnected, sandbox-type environment.
Ransomware attacks are prevalent and ransomcloud events are on the rise. CSPs and clients should take the necessary steps to protect data in the cloud and locally with help from LTO technology. See more about protecting your organization’s data in this short video.