Protecting against ransomware in the cloud: A guide
A recent survey of 500 businesses revealed that nearly half were brought to a standstill by a ransomware attack within the last 12 months. Ransomware is malware that installs covertly on a victim's computer, carries out a cryptoviral extortion attack on the victim's data, and demands a ransom payment to decrypt that data or to not publish it.
There is a growing body of documented evidence that ransomware is on the rise, particularly in the UK, which is being used as a sort of testing ground, to the point where ransomware has become the number one threat facing UK organisations in 2016. Companies that depend on instant access to critical data, and that would suffer severe business impact if they lost IT systems for the time it takes to respond to an attack, should be most worried. With adoption of cloud computing for more mission-critical use cases growing, IT leaders are naturally concerned about protecting against ransomware in the cloud as well as on-premise.
Not only are ransomware attacks becoming more frequent, the methods are becoming more sophisticated and harder to identify. With email still being the number one attack vector and a reported 85% of organisations admitting to suffering from three or more attacks in a year, it is imperative that organisations have in place a robust disaster recovery and back-up plan, as well as deep security and multi-layered protection to protect cloud workloads.
To this point, here are four ways to protect your organisation against ransomware:
Cloud backup and disaster recovery
The best defence against ransomware is to outwit attackers by not being vulnerable to their threats in the first place. This means backing up important data daily and having a disaster recovery failover plan in place, so that even if your IT systems get locked, you won’t be forced to pay to see your data again.
While backups are useful, they won’t necessarily make a ransomware attack painless. If affected by ransomware, customers can restore data from an earlier, unaffected version of the machine that their cloud service provider backed up at a point in time before the infection. However, while the data is available, business as usual may not be restored until production systems are clear of any ransomware effects.
This is where cloud-based disaster recovery comes in. It enables organisations to fail over production to a cloud service provider in the event of a ransomware attack and restore production systems within minutes or even seconds. The most common method of providing fail-safe replication of data between two systems is journaling, whereby the system software keeps a running list of storage "writes" in a special log file called a journal. This method enables granular restoration of virtual machines from specific points in time, so that you can fail over to a point in time before the ransomware attack.
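The journaling idea above can be shown in a few lines. This is an added example, not code from the article or from any vendor: the `Write` record, the function names and the sample data are hypothetical, and the entropy-burst rule used to pick the recovery point is an assumed heuristic (compressed files are also high-entropy, so a real product would combine it with other signals).

```python
# Added example (not from the article): a write journal with point-in-time restore.
import hashlib
import math
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Write:
    ts: int      # constructed timestamp, in seconds
    block: int   # block number on the protected volume
    data: bytes  # bytes written to that block

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def restore(base: dict, journal: list, point_in_time: int) -> dict:
    """Replay journaled writes with ts <= point_in_time over the base image."""
    image = dict(base)
    for w in sorted(journal, key=lambda w: w.ts):
        if w.ts > point_in_time:
            break
        image[w.block] = w.data
    return image

def last_clean_point(journal: list, threshold: float = 7.0, burst: int = 3):
    """Timestamp just before the first run of `burst` consecutive high-entropy
    writes (assumed heuristic), or None if the journal contains no such run."""
    ordered = sorted(journal, key=lambda w: w.ts)
    run = 0
    for i, w in enumerate(ordered):
        run = run + 1 if entropy(w.data) >= threshold else 0
        if run == burst:
            return ordered[i - burst + 1].ts - 1
    return None

def fake_ciphertext(seed: int, size: int = 4096) -> bytes:
    """Constructed stand-in for an encrypted block: deterministic SHA-256 output."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))

# Constructed sample: base image, two legitimate writes, then a burst of encrypted writes.
BASE = {0: b"ledger v1\n" * 100, 1: b"customers v1\n" * 100, 2: b"orders v1\n" * 100}
JOURNAL = [Write(100, 0, b"ledger v2\n" * 100), Write(160, 2, b"orders v2\n" * 100)]
JOURNAL += [Write(300 + b, b, fake_ciphertext(b)) for b in range(3)]

POINT = last_clean_point(JOURNAL)         # instant just before the encryption burst
RESTORED = restore(BASE, JOURNAL, POINT)  # legitimate writes kept, encrypted ones dropped
```

Restoring to `POINT` keeps the two legitimate updates while discarding every encrypted block, which a nightly backup taken before timestamp 100 could not do.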
Advanced cloud security
In order to protect your organisation against this rising threat, it is imperative for business leaders to ensure that on-premise levels of security are available in the cloud. Threat protection features that are vital for organisations to consider include anti-malware with web reputation, host-based firewall, intrusion detection and prevention, integrity monitoring and log inspection.
In addition to this, virtual patching and stateful firewall capabilities are necessary to ensure virtual machines are protected at a network level, while log inspection and file integrity monitoring in turn boost compliance efforts. These advanced security features should be combined with alerting, reporting and remediation to prevent ransomware attacks from wreaking havoc.
Just say no
The primary method of infecting victims with ransomware is via email, with 93% of all phishing emails now containing encryption ransomware. Cybercriminals spam victims with emails that carry a malicious attachment or instruct them to click on a URL from which malware is surreptitiously installed on their machine. Ransomware attackers have also adopted another highly successful method that organisations must be aware of: malvertising, which involves compromising an advertiser’s network by embedding malware in ads that get delivered through web sites users know and trust.
Employees must be trained and educated on how to spot such attacks, and every organisation must put procedures in place to continuously spread knowledge about how to avoid becoming a victim.
Some cloud providers offer multiple layers of protection against ransomware and other nefarious attacks. In addition to the advanced security features outlined above, other measures such as two-factor authentication and role-based access control ensure the highest levels of access security via the cloud.
Furthermore, encryption technology is highly useful to ensure data protection alongside vulnerability scanning, which performs periodic penetration testing to ensure that web servers and networks are not vulnerable to attack. Another factor to consider is multi-level network security enforcing network segmentation in order to improve security.
Editor’s note: On December 13 iland and partner Trend Micro are delivering a webinar on the rise of ransomware and how companies can protect themselves against ransomware attacks in the cloud.