Earlier this year, MIT Technology Review predicted that cloud computing businesses and their storehouses of data will be the next big targets for ransomware attacks. Cloud storage certainly isn't immune to ransomware attacks, so cloud storage vendors should employ a multilayered defense to address the threat of ransomware in the cloud, according to Hyder Rabbani, COO at CyberSight, based in Carlsbad, Calif.
In this Ask the Expert, Rabbani explains how ransomware has evolved and why cloud environments are susceptible to ransomware attacks. He also offers tips about how to handle the threat of ransomware in the cloud and why crafting a data backup strategy and disaster recovery plan helps minimize the fallout of ransomware attacks.
Editor's note: The following interview has been edited for clarity and length.
How have ransomware attacks evolved? How can organizations address ransomware in the cloud?
Hyder Rabbani: Ransomware targets known and unknown vulnerabilities in operating systems, firewalls and applications, and [it] has become much more sophisticated. We're now seeing polymorphic strains, where ransomware is capable of changing its own file characteristics frequently to avoid detection, and multithreaded strains, where if one thread is detected and stopped, child processes continue to execute their encryption characteristics.
Some ransomware is capable of deploying 'Easter eggs' that are quietly deployed and gather small bits of information without detection over an extended period of time. Those 'Easter eggs' then detonate later, wreaking havoc and locking up files.
Cloud storage is not immune to ransomware threats and is not foolproof. Ransomware can definitely affect cloud storage, especially if the cloud storage vendors are not proactively using antiransomware technology. In truth, ransomware can impact any and all internet-connected devices. This includes IoT devices, like security cameras, thermostats, doorbells, and others like PCs, file, email and data servers, and cloud-based servers, which act as cloud storage.
Cloud storage vendors should be continuously testing, evaluating and upgrading their security solutions and using multilayered defense techniques. Organizations should ask vendors to share their specific ransomware detection, quarantine and removal processes. These cloud storage vendors should be able to answer questions like:
- What tools are they using?
- What is the detection rate?
- What is the file-loss rate?
- How fast do these tools detect ransomware?
- What is their defense-in-depth posture?
Organizations can also install antiransomware protection software on all devices, including cloud servers and cloud storage. That software should have redundancy and failover protection in case of a ransomware attack. Organizations also need to have data backup and recovery policies and plans that are actually implemented and practiced. And [they should] conduct ongoing backups of all data as part of those disaster recovery policies.