Ransomcloud: The Rise of Ransomware Targeting the Cloud

Intrinsec   ·   Thursday, March 24th, 2022

The following guest post is by Zachary Amos. [Features Editor at ReHack, 3+ years of experience covering Cybersecurity & IoT ]

Ransomware has become one of the most pressing threats facing businesses today. These threats have adapted as people have embraced new technologies and systems to improve security. Users now have to deal with a growing ransomcloud trend.

Ransomcloud is a type of ransomware that specifically targets data on the cloud. Instead of infecting a device like traditional ransomware, these programs take over cloud databases, encrypting their files and demanding payment to decrypt them.

Almost all cloud users use it to store sensitive information, so these attacks could cause a lot of damage. Here’s a closer look at where the ransomcloud trend comes from, how it’s evolving and how people can protect themselves.

Where Does Ransomcloud Come From?

Cybercrime trends like ransomcloud tend to follow the IT trends of businesses and consumers. The ransomcloud wave is no different. Companies and individuals are storing more data on the cloud, so storage has become a valuable target.

The vast majority of data breaches are financially motivated. Cybercriminals will do what can make them the most money, and today, that often means targeting sensitive information on the cloud. People aren’t necessarily storing more valuable data there than on-premise storage, but they’re moving more to the cloud in general.

As of 2019, 94% of all organizations used the cloud and these companies ran 79% of their workloads there. That’s a lot of data and processes, so much that a business couldn’t operate without it. As a result, they are likely to pay quite a bit to restore them, making ransomcloud remarkably profitable.

Types of Ransomcloud Attacks

There are multiple subsets of ransomcloud. The most common kind involves targeting a local device first. Since there are 12.3 billion connected devices globally, businesses almost certainly have easy-to-overlook endpoints that can act as a gateway to their cloud environment. The ransomware gets to the cloud when the infected device syncs with it, then encrypts the rest of the files there.

Other ransomcloud attacks gain direct access to the cloud by getting login details from insiders. Often, attackers will send a phishing email to an employee to get them to reveal passwords or click a link to install tracking software. Once the cybercriminal has the credentials they need, they access the cloud and install their ransomware.

In some cases, cybercriminals will target the cloud provider. Attackers will try to get past its defenses to access data centers and companies’ cloud databases. These types of attacks are less common but can cause a lot of damage.

Recent Ransomcloud Trends

One of the most popular recent ransomcloud trends involves targeting people’s email. Attackers send messages disguised as the new AntiSpam PRO service from Microsoft, ironically promising to help users defend against attacks. When recipients click the link, ransomware will immediately encrypt all their emails and attachments.

More people rely on email to communicate as remote and hybrid work have become more common. As a result, these email-centric attacks can cause more damage, leading to their popularity.

This trend highlights another, larger shift happening in ransomcloud. Businesses are traditionally the most common target for ransomware, but individual users are becoming more popular among cybercriminals. Individuals don’t have as much money to give but often have less security. These attacks will deliver a smaller payday but have a higher chance of success.

How to Defend Against Ransomcloud Attacks

These attacks are troubling, but users can protect against them. Cloud systems come with some built-in protections people should use. For example, services can automatically back up selected files, which can help ensure a ransomcloud attack doesn’t block all of a user’s files. Creating offline backups is a good idea, too.

Many of these attacks start with phishing attempts, so anti-phishing measures can stop them. Companies should teach employees how to spot these attempts and simulate attacks to put these lessons into practice. Turning on multifactor authentication for cloud services will also help, as attackers won’t be able to get in even with a stolen password.

It’s also important to verify a cloud service’s security before using it since some attacks target the providers themselves. Companies should have a backup plan in case something goes wrong and offer consumer protections like automatic backups and insurance.

Finally, businesses should have strong endpoint security. Regularly updated anti-malware software, firewalls, verified updates and encryption are crucial.

Cloud Adoption Requires Cloud Security

Cloud computing comes with many advantages, but users need to know how to use it safely. That means defending against ransomcloud attacks by employing various tactics to stay secure.

These attacks will likely become more common as companies and individuals put more data on the cloud. People who learn about them can better defend against them. These steps will become critical to staying safe as the world becomes increasingly digital.