Is Cloud Storage Safe from Ransomware?

In this article, we explore how safe cloud storage is from ransomware and, more importantly, how your business can defend itself.

    Is cloud storage safe from ransomware attacks?

    The short answer is, it depends on, well, several things. Though, whether or not cloud storage is definitively safe is beside the point because the “cloud safety” conversation has changed.

    See, the cloud has transformed the way we communicate, collaborate, and access information — both at work and in our personal lives. And, there’s no going back.

    These days, the cloud is a basic business requirement. It represents the first step toward digital transformation — and all of the benefits that come with the territory: visibility, agility, resilience, and the data-driven decisions and automations organizations need to win in these complex conditions. In other words, you need to be there.

    In today’s rapidly changing business landscape, digital transformation has become a critical initiative for organizations of all sizes and industries.

    At the same time, you need to be aware of the risks of doing business in the cloud and, more importantly, how to protect your data, your business, and your customers from ransomware attacks. Here’s what you need to know:

    Biggest Ransomware Threats to Cloud Storage

    Ransomware attacks are all over the news – from politically-motivated hit jobs to high-profile data breaches to the rise of ransomware gangs and dark web malware marketplaces.
    It kind of feels like becoming a victim is inevitable.

    It’s important to understand that, yes, ransomware threats are everywhere. Yes, threat actors are becoming more coordinated and sophisticated — demanding and receiving higher payouts. And yes – the enterprise cloud environment has evolved into this sprawling, complex network with thousands of endpoints, configurations, and potential vulnerabilities.

    At the same time, most of today’s most advanced ransomware attacks still rely on their targets making rookie mistakes. They’re entering systems through unprotected software, stolen credentials, and the malicious phishing links that show up in employee inboxes. In other words, ransomware is still a very preventable problem.

    With that in mind, let’s look at the key ransomware risks orgs should know about before planning their journey to the cloud.

    • Misconfigurations. According to the National Security Agency (NSA), roughly one in six data breaches can be attributed to misconfigurations. Palo Alto Networks research found that misconfigurations were the cause of 65% of known cloud security incidents. Even at the low end of that spectrum, preventable vulnerabilities like unpatched systems, disabled monitoring or logging protections, default passwords, and unprotected storage are opening the door to a large number of threat actors. Per IBM’s 2021 X-Force report, misconfigured APIs are often responsible for credential exposure via public cloud repositories – with shadow IT contributing to more than half of the incidents researchers analyzed.
    • Weak identity and access management (IAM). According to the Cloud Security Alliance Top Threats to Cloud Computing report, insufficient identity and access management is among the top security threats to cloud-based systems. Palo Alto Networks also found that there’s a significant gap between the “principle of least privilege” and the reality of most orgs’ IAM policies – researchers found that 99% of cloud roles, permissions, resources, and services granted users excessive permissions – most of which were largely unused.
    • Cloud ransomware. Cloud ransomware (aka Ransomcloud) is another serious threat to your organization. Attackers often gain access by phishing individual employee accounts through email or malicious downloads like fake updates – which rely on human error to create an opening for threat actors to access the organization’s cloud storage solutions. Or – they might take advantage of the file-syncing capabilities common with most cloud storage solutions – files stored on local devices are automatically saved to the cloud and updated when changes are made. This approach, known as file-sync piggybacking, installs a program that doesn’t contain the malware payload. Instead, it runs in the background and installs the ransomware. Once it is installed, the user typically receives a pop-up notification that looks like a legitimate permission request from a trusted app (e.g., Slack, Teams) – and if they accept, it activates the payload. From there, threat actors move laterally through the system, encrypting or extracting data.
    • Ransomcloud attacks on providers. Hackers don’t just target individual organizations – going after the provider has the potential to be much more lucrative. Threat actors might target a specific cloud provider to identify security vulnerabilities (for later attacks) or launch brute-force attacks that bypass logins and other protections. Attacks against the cloud provider are especially damaging as they put the entire platform at risk – and if successful, attackers could potentially demand ransoms from all customers that use that service.
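Because file sync pushes every local change to the cloud, a device that is encrypting files shows up in the sync audit trail as a burst of overwrites and renames. The sketch below is an added example, not code from this article or from any vendor it mentions; the event tuple shape, the device names, the window, and the threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 20                  # assumed max changes per device per window

def make_sample_events():
    """Constructed events: (timestamp, device, action, path, new_path)."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    # Ordinary user: five edits spread over 40 minutes.
    for i in range(5):
        events.append((t0 + timedelta(minutes=10 * i), "laptop-a",
                       "modify", f"/docs/report{i}.docx", None))
    # Compromised device: 30 renames to one new extension in 30 seconds.
    for i in range(30):
        events.append((t0 + timedelta(minutes=5, seconds=i), "laptop-b",
                       "rename", f"/shared/file{i}.xlsx",
                       f"/shared/file{i}.xlsx.locked"))
    return events

def detect_sync_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return {device: alert} for devices that change too many files too fast."""
    recent = defaultdict(deque)  # device -> (timestamp, new extension) in window
    alerts = {}
    for ts, device, action, path, new_path in sorted(events, key=lambda e: e[0]):
        if action not in ("modify", "rename", "delete"):
            continue
        ext = new_path.rsplit(".", 1)[-1] if new_path and "." in new_path else None
        q = recent[device]
        q.append((ts, ext))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold and device not in alerts:
            exts = [e for _, e in q if e]
            # Renames converging on one unfamiliar extension strengthen the signal.
            top = max(set(exts), key=exts.count) if exts else None
            alerts[device] = {"first_seen": q[0][0], "alerted": ts,
                              "events": len(q), "dominant_new_ext": top}
    return alerts

if __name__ == "__main__":
    for device, alert in detect_sync_bursts(make_sample_events()).items():
        print(device, alert)
```

The threshold needs tuning against legitimate bulk operations such as migrations or large folder moves, which produce the same burst shape.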

    These are far from the only threats you need to worry about, but they’re a good starting point for making sure you cover all of your bases.

    Yes, the Cloud is Vulnerable to Ransomware – But That Doesn’t Mean You’re Safe On-Premises

    Another Palo Alto Networks report forecasts that ransomware attackers are evolving their tactics, techniques, and procedures (or TTPs) to be even more cloud-native than they already are. While that does mean cloud storage is becoming more vulnerable to ransomware — this revelation doesn’t set off any major alarm bells. As cloud adoption continues to ramp up, it only follows that threat actors are responding to that shift by making some tweaks to their approach. It’s common sense.

    Many orgs, particularly those operating in industries like professional services, health care, banking, wealth management, etc. have long followed the common wisdom that the best way to protect sensitive information is to keep things analog.

    But — big data has gotten way too big for any organization to manage via spreadsheets and physical filing systems. These days, avoiding the cloud out of fear doesn’t keep you safe from ransomware. In fact, it prevents you from realizing critical business benefits like cost-savings and informed decision-making. And — it opens the door to a number of risks with the potential to cause just as much damage to your company.

    It’s harder to protect and manage on-prem data – not to mention verify its integrity or ensure that it meets regulatory, auditing, or consumer privacy requirements. All of these gaps can lead to serious reputational, financial, and legal damage, or even force your business to shut down.

    The bottom line? On-prem systems are a liability. Without the cloud, companies can’t meet customer demands or keep up with competitors — let alone protect themselves against a new class of cyber criminals, who also use cloud-based apps infused with AI/ML capabilities.

    How Cloud-Based Solutions Keep You Safe From Ransomware Attacks

    While cloud storage is vulnerable to ransomware attacks, your best defense against threat actors lies with the same technologies already transforming other key parts of your business.
    Think – data management solutions, advanced analytics, AI, machine learning, and automation. A few examples:

    End-to-end visibility – and end-to-end protections. Similar to how cloud-based ERP systems centralize your data and make it easier to manage your business, a unified platform and end-to-end visibility represent the first line of defense when it comes to protecting against ransomware and other security threats.

    Before migrating to the cloud, e-commerce company QNET regularly dealt with threats to its on-prem infrastructure, which housed valuable customer data like credit card numbers and identifying details. Weekly DDoS attacks led to significant revenue losses and downtime, and left the company vulnerable to data leaks and phishing attacks.

    CISO Egal Egal explains that while QNET had invested in several best-in-breed security solutions (from different vendors), none of those products could provide an end-to-end view of the entire IT environment.

    CTO Ameer Deen adds that the lack of visibility had a chilling effect on his team — they were afraid that any efforts to respond to incoming threats might make things worse.

    QNET replaced those third-party security tools with Microsoft 365 E5 and migrated IT operations to Azure. Today, Deen says the company is able to make informed, proactive decisions that strengthen its security posture — all thanks to Microsoft Defender for Cloud, Defender for Endpoint, and Sentinel.

    AI-driven insights. AI-powered XDRs (extended detection and response) provide unified threat intelligence across every end-point in your ecosystem. They work across products, services, and clouds, support process automation, and help IT teams identify threats — and perform deep investigations to better understand those threats in full context.

    Different orgs will also use different types of analytics solutions to identify and act on cyber threats based on factors like business model, regulations, and the unique risks of operating within a specific industry. For example, a financial services firm might use AI insights to mitigate fraud risks or detect unusual transactions and behaviors.

    Automated enforcement, detection, and response. Automation also plays an important role in protecting your company against cloud-based attacks – it’s used to prevent, detect, contain, and act on incoming threats.

    For example, independent insurance agency Martin & Zerfoss implemented Defender for Business to consolidate its fragmented security solutions and safely enable remote work.
    At the time, the company hadn’t fully migrated to the cloud – citing concerns about their lack of expertise and challenges keeping customer data safe.

    Combined with Azure Active Directory, Defender for Business gives Martin & Zerfoss a comprehensive view of all devices, users, and systems both on-premise and in the cloud. Defender can automatically raise alerts and prioritize actions, while automated investigation and resolution features streamline threat management and empower users to quickly intervene, if needed.

    Finally, Deloitte brings up a critical point: without proper implementation, oversight, and governance, the transformative capabilities of AI/ML and automation expose serious vulnerabilities — opening the door to bad actors both inside and outside your organization.

    In other words, your cloud-based ransomware protections are only as good as your organization’s underlying data, policies, and cybersecurity culture.

    The point is, cloud-based solutions are super effective when it comes to protecting your data — if you have a robust cybersecurity program in place, strong policies, and ongoing support from real human professionals.

    Final Thoughts

    On the whole, cloud storage is safer than relying on analog or on-prem alternatives. But that doesn’t mean it’s safe by default. Ultimately, it doesn’t really make sense to think about whether or not the cloud is safe from ransomware in such black and white terms.

    It’s not a question of cloud vs. on-prem – it’s a matter of choosing cloud solutions that help you achieve critical business goals AND protect your business from ransomware attacks and other cyber threats.

    Working with the right partner can help you stay safe in the cloud.

    Velosio’s Microsoft experts can help you find and implement the cloud solutions you need to run your business – and ensure that every end-point, identity, device, and application is secured.

    Contact us today to learn more about how we help our clients protect against ransomware attacks and other cyberthreats.
