By now, most organizations are acutely aware of the risks associated with ransomware. But over the past year, as the pandemic has driven growth in the remote workforce, SaaS platforms and services have become increasingly critical for business success and increasingly become a target for cybercriminals. As these threats continue to evolve, organizations are facing what’s referred to as cloud ransomware. This new generation of ransomware attacks is designed explicitly to spreads through the cloud and encrypts SaaS data associated with cloud services.
What’s the impact of cloud ransomware? According to recent research, it’s estimated that the cost of ransomware will top $20 billion in 2021. These costs usually include a ransom fee, forensics, legal work, fines and penalties, and data recovery requirements. In 2020, 73% of ransomware attacks were successful, which was an increase of 600% over the previous year. And every 11 seconds, a new organization falls victim to ransomware. Today average downtime from a ransomware attack is 16 days. And as an example, healthcare organizations pay out more than $8,851 per minute of downtime. There is no last line of defense. The reality is that ransomware has become a multibillion-dollar industry for cybercriminals. Like any other successful business, ransomware schemes want to show positive revenue traction year over year.
What exactly are criminals targeting? First, cybercriminals are looking for new market opportunities. Many offline businesses remain closed due to COVID-19, which reduces new openings for cybercriminals. As a result, phishing attacks have increased, and in 2020 more than 75% of organizations worldwide experienced some sort of phishing attack. During this same period, cloud services and applications have become even more mission-critical for businesses. According to Synergy Research Group, worldwide spending on cloud infrastructure services increased by 35% year over year, and Flexera’s State of the Cloud Report shows that most companies spend more than $1M a year on cloud services. Companies are fully committed to using services such as Google Workspace, Microsoft Office 365, Salesforce, Dropbox, and Box, to name a few. This culmination of cloud service adoption and phishing is creating a perfect security storm.
As cloud services accumulate vast numbers of users in a single ecosystem, they become prime targets for criminals. Just imagine the damage a well-designed ransomware attack can inflict on a large segment of enterprises that all use Microsoft Teams or Salesforce. In 2020, we saw the first successful attacks on SolarWinds and Microsoft. The economic impact has the potential to be devastating. And protecting against ransomware is becoming more and more challenging as cybercriminals release increasingly sophisticated algorithms each year. For example, new ransomware attacks block on-premises antiviruses and backup agents, delete backed-up data and download sensitive information. They steal a victim’s saved credentials from web browsers and email clients (and threaten to upload it to public view if the victim doesn't pay the ransom), and more. Here’s a simple cloud-to-cloud example of a ransomware attack targeting SaaS data:
- A user gets an email that appears to be from their cloud service provider. It requires the user to click a phishing link to update an application.
- A user installs a malicious OAuth app or a Chrome extension that requests a scope of permissions to access Google Workspace or Microsoft 365 SaaS data.
- Once permissions are granted, the app starts encrypting data directly in the cloud.
The bad news is that there's no silver bullet that can help you to keep your business data secure in the cloud. But the good news is that a combination of best practices can help you significantly reduce the impact of a ransomware attack on your organization. How do you do that? Here are a couple of recommendations:
- Continually (24/7) monitor your SaaS environment using a third-party provider. The provider can identify new ransomware attacks in real-time, remediate them, alert you immediately and provide an advanced incident response plan. One of the critical components of such a solution should be machine learning and artificial intelligence algorithms that can minimize false-positive rates and automate the process to reduce the human factor significantly.
- Be sure to back up your data. Use an independent cloud-to-cloud backup provider to back up your sensitive SaaS data to secure cloud storage. AWS, GCP, and Azure are the most secure and trusted cloud storage services. Daily backup is a vital part of this process.
- Protect yourself against phishing by deploying an anti-phishing monitoring solution. The majority of phishing emails represent the first stage of a ransomware attack.
- Monitor and assess third-party apps installed by your employees. This includes marketplace apps, Chrome extensions, add-ons, iOS apps, Android apps, non-marketplace apps, and any others that have access to your SaaS data. Some apps can be time bombs designed to launch ransomware attacks when you least expect it.
- Educate your employees by implementing security awareness training on a quarterly basis. There are many online tools that can help you with this. Continue doing all the necessary data security work like managing files' permissions and access, outlining clear security policies, and more.
Historically speaking, cybercriminals either broadly targeted every end user in hopes of receiving a small payment, or they narrowed in on a single approach that used social engineering tactics targeted at specific organizations for a more significant ransom. That’s no longer the case in the cloud ransomware era. The mass adoption of cloud services by a broad range of business sectors has created an attractive aggregation point for both approaches. And they’re successful because cloud providers have lagged when it comes to addressing security concerns. Don’t let your organization be the next victim. Use the information above to get started closing potential loopholes and shutting out cloud ransomware.
Dmitry Dontov is the CEO and Chief Architect of Spin Technology.