Dissecting Cloud Ransomware: Lessons Learned and How to be Prepared

Our most recent webinar, “Dissecting Cloud Ransomware: Lessons learned and how to be prepared?” saw Yotam Ben Ezra (Chief Product Officer) and Ofir Balassiano (Head of Security Research) engaging in an in-depth exploration of all aspects of cloud ransomware and methods organizations can deploy to help protect from attacks.

With an ever-increasing reliance on cloud services like AWS, Azure, and GCP, as well as a growing abundance of data, data security has become an issue of utmost concern for businesses that have to function within today's digital landscape. In turn, the rise in the use of cloud services has triggered an explosion of different types of data, the implementation of microservices, and a complex ecosystem of data assets that must be managed and maintained. For this reason, we’re left with questions such as, Where exactly is our data?, How is it being used and moved around our organization?, and most importantly, How can we ensure its safety?

Ransomware has established itself as one of the most destructive threats to an organization, taking data hostage in an attempt to paralyze business operations and extort funds. With 60% of the world's data currently stored in the cloud and approximately 80% of cloud data located within unstructured data services, it’s unsurprisingly a major target for ransomware attacks. We can only assume that as more and more data shifts from traditional setups to the cloud, ransomware will find its way to adapting and expanding its influence to these platforms.

Even though the vast majority of ransomware attacks still remain undisclosed, several instances of successful attacks on cloud environments have been recorded. Generally, attackers gain initial access to these systems through exposed credentials and proceed to compromise the entire setup. This led AWS to conduct an analysis and identify the impact of ransomware on their Amazon S3 object storage service. Although the full scope of ransomware attacks on the cloud is still a mystery, organizations must be vigilant and take precautionary measures to protect their data.

Ben Ezra and Balassiano focused on highlighting the numerous potential ways in which ransomware can emerge in a cloud environment and provided an analysis of the three primary attack scenarios. This included exfiltration and deletion, encryption with an AWS KMS key, and a combination of exfiltration, encryption, and deletion. They also shared effective prevention measures to secure one's data from the dangers of ransomware, like the implementation of a data detection and response (DDR) platform such as Dig’s. DDR allows for seamless monitoring of all data interactions within the environment, automatically identifying and flagging any anomalous events or actions that should not occur.

Organizations of any size must understand the severity of ransomware and take necessary steps to defend their data from attack. Watch the webinar here to learn more about ransomware in the cloud and how to spot the early signs of an attack. And learn how the Dig Data Security Platform helps stop ransomware attacks here.