Ransomware has been a mainstay of hackers’ malware arsenals over the last several years, but these attacks have actually changed quite significantly in terms of their complexity, targeting and victim selection. Like any big business, ransomware has evolved to follow the money. WatchGuard CTO Corey Nachreiner believes than ransomware’s next shift will be to target cloud assets, and he wrote a guest post in Dark Reading explaining why.
Corey argues that ransomware will target the cloud in 2020 for three main reasons: 1) it’s a new market opportunity, 2) data and services stored in the cloud have become important enough to business operations that disrupting them could significantly cripple most organizations, and 3) the cloud is an aggregation point where one attack can affect multiple victims. Here’s an excerpt from the article explaining that final point:
Encrypting a single physical Amazon Web Server could lock up data for dozens of companies that have rented space on that server. As an example, several attacks in the first and second quarters of 2019 involved bad actors hijacking multiple managed service providers’ management tools and using them as a strategic entry point from which to spread Sodinokibi and Gandcrab ransomware to their customer rosters. The same principle applies here — hacking a central, cloud-based property allowed attackers to hit dozens or hundreds of victims.
The solution to ransomware targeting the cloud is to make sure your cloud assets are secure. Fortunately, most network security appliances on the market today offer virtual versions that will protect IaaS deployments. Properly configuring these deployments, managing permissions, and setting up multi-factor authentication (MFA) to access them are also very important. Companies like Oracle and Amazon offer guides to securing cloud deployments and are an excellent resource for IT teams going through this process for the first time.