The pandemic has driven significant digital transformation efforts among enterprises looking to adapt to the new normal and effectively support growing remote workforces. As a result, SaaS platforms and services, such as the best cloud storage or the best cloud hosting, have become critical for business success.
Unfortunately, with this growth, organizations and employees are becoming more prominent targets for ransomware. In fact, according to a recent report, ransomware attacks increased by 150 percent in 2020. As this threat continues to evolve, businesses are increasingly facing what’s referred to as cloud ransomware – a new generation of attack that explicitly spreads through the cloud and encrypts SaaS data associated with cloud services.
Ransomware has gotten so pervasive that, according to Cybersecurity Ventures, it’s estimated the cost of ransomware would top $20 billion in 2021. These costs include a wide range of variables, including ransom fees, forensics, legal work, fines and penalties, data recovery requirements and more. The costs are rising, and unfortunately, so is the volume of effective ransomware attacks.
In fact, in 2020, 73 percent of ransomware attacks were successful, which was an increase of 600 percent over the previous year. And every 11 seconds, a new organization falls victim to ransomware, according to Cybersecurity Ventures. Today, the average downtime from a ransomware attack is 16 days. And as an example, healthcare organizations pay out more than $8,851 per minute of downtime.
The reality is that ransomware has become a multibillion-dollar industry for cybercriminals. Like any other successful business, ransomware schemes want to show positive revenue traction year over year.
Cloud ransomware: What do criminals want?
But what exactly are criminals targeting with these attacks and why? First, cybercriminals are looking for new market opportunities. Many offline businesses remain closed due to COVID-19, which has somewhat narrowed the traditional “playing field” for cybercriminals. As a result, they’ve increased their focus and efforts toward phishing attacks to compensate.
In 2020 alone, more than 75 percent of organizations worldwide experienced some sort of phishing attack. During this same period, as the global pandemic forced organizations to transform business operations, cloud services and applications have become even more mission-critical for businesses. The data shows just how significant a cloud has become.
According to Synergy Research Group, worldwide spending on cloud infrastructure services increased by 35 percent year over year, and Flexera’s State of the Cloud Report shows that most companies spend more than $1m a year on cloud services.
In addition, companies are now fully committed to using services such as Google Workspace, Microsoft 365, Salesforce, Dropbox and Box, to name a few. This culmination of critical cloud service adoption and phishing attacks is creating a perfect security storm.
Securing data in the cloud
As cloud services accumulate vast numbers of users in a single ecosystem, they become prime targets for criminals. Just imagine the damage a well-designed ransomware attack can inflict on a large segment of enterprises that all use Microsoft Teams or Salesforce. The economic impact has the potential to be devastating.
And protecting against ransomware is becoming more and more challenging as cybercriminals release increasingly sophisticated algorithms each year. For example, new ransomware attacks block on-premises antiviruses and backup agents, delete backed-up data, and download sensitive information. They steal a victim’s saved credentials from web browsers and email clients (and threaten to upload it to public view if the victim doesn't pay the ransom), and more.
Here’s a simple cloud-to-cloud example of a ransomware attack targeting SaaS data. First, a user gets an email that appears to be from their cloud service provider. It requires the user to click a phishing link to update an application. Second, a user installs a malicious OAuth app or a Chrome extension that requests a scope of permissions to access Google Workspace or Microsoft 365 SaaS data. Third, once permissions are granted, the app starts encrypting data directly in the cloud.
The bad news is that there’s no miracle solution that can help you to keep your business data 100 percent secure in the cloud. But the good news is that a combination of best practices can help you significantly reduce the impact of a ransomware attack on your organization.
You need to continually (24/7) monitor your SaaS environment using a third-party provider. The provider can identify new ransomware attacks in real-time, remediate them, alert you immediately and provide an advanced incident response plan. One of the critical components of such a solution should be machine learning and artificial intelligence algorithms that can minimize false-positive rates and automate the process to reduce the human factor significantly.
Data backup is incredibly important as well. Use an independent cloud-to-cloud backup provider to back up your sensitive SaaS data to secure cloud storage. AWS, GCP and Azure are the most secure and trusted cloud storage services. Daily backup is a vital part of this process.
Since the majority of phishing emails represent the first stage of a ransomware attack, you need to protect yourself with an anti-phishing monitoring solution.
Additionally, you must monitor and assess all third-party apps your employees install. This includes marketplace apps, Chrome extensions, add-ons, iOS apps, Android apps, non-marketplace apps and any others that have access to your SaaS data. Some apps can be time bombs designed to launch ransomware attacks when you least expect it!
And finally, you should be educating your employees by implementing security awareness training on a quarterly basis. There are many online tools that can help you with this. Continue doing all the necessary data security work like managing files’ permissions and access, outlining clear security policies and more.
At the end of the day, you need to evolve along with the changing ransomware landscape. In the past, cybercriminals have either broadly targeted every end user in hopes of receiving a small payment, or focused in on a single approach that used social engineering tactics targeted at specific organizations that are more likely to pay a higher ransom. That’s no longer the case now that we’ve entered the cloud ransomware era.
The mass adoption of cloud services by a broad range of business sectors has created an attractive aggregation point for both approaches. And they’re successful because cloud providers have lagged when it comes to addressing security concerns. Don’t let your organization be the next victim. Use the information above to close potential security gaps and shut out cloud ransomware before it’s too late.