Ransomware mitigation sees focus from AWS, Azure, Google Cloud
Ransomware mitigation has become an increasingly prominent part of the major cloud providers' offerings since the pandemic.
In recent weeks, Amazon Web Services (AWS), Microsoft Azure and Google Cloud have all published articles recommending tactics and best practices for preventing, and responding to, a ransomware attack.
In a ransomware attack, an intruder encrypts an organisation's files and demands payment in exchange for the decryption key and, increasingly, for a promise not to publish the stolen data.
Because the ransom is typically paid in cryptocurrency, the practice is closely tracked by blockchain analysis firms such as Chainalysis, and their figures show that it grew sharply during the pandemic.
In Chainalysis’ ‘2021 Crypto Crime Report’, the company reported a 311% increase from 2019 to 2020 in the amount paid by ransomware victims into deposit addresses.
Now, it seems major cloud providers are beginning to take greater notice of the rise in such attacks.
In an AWS blog post from September, senior solutions architect Brad Dispensa set out five pre-emptive steps customers can take to help protect their resources from ransomware.
The five were: encrypting data, setting up application and data recovery, applying critical server patches, following established security standards, and having automated response mechanisms in place.
Dispensa explained the need for encryption as follows: “Recent ransomware events are increasingly using double extortion schemes. A double extortion is when the actor not only encrypts the data, but exfiltrates the data and threatens to release the data if the ransom isn’t paid.
To help protect your data, you should always enable encryption of the data and segment your workflow so that authorised systems and users have limited access to use the key material to decrypt the data.”
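The segmentation Dispensa describes is, in AWS terms, mostly a question of who the KMS key policy lets call the actions that recover plaintext. The following is an added example, not code from the AWS post: a small checker, run over two constructed key policies, that lists every principal an Allow statement lets decrypt and flags the two patterns that defeat segmentation (a wildcard principal, or the account root, which delegates the decision to every IAM policy in the account). The account ID 111122223333, the role names and the bucket region are placeholders.

```python
"""Check whether a KMS key policy keeps decrypt rights scoped to a few principals.

Added example; the policies below are constructed, not taken from AWS.
Only Allow statements are evaluated; explicit Deny statements, IAM policies
and grants are out of scope, so treat the result as a key-policy review,
not a full effective-permissions analysis.
"""
import fnmatch
import json

# The KMS actions that turn existing ciphertext back into plaintext.
# ReEncryptFrom counts because a caller who also owns the destination key
# can re-encrypt under it and then decrypt there.
DECRYPT_ACTIONS = ("kms:Decrypt", "kms:ReEncryptFrom")

# Constructed sample: the shape of a default key policy. Root gets kms:*,
# so any IAM identity in the account that is allowed kms:Decrypt can decrypt.
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "Enable IAM User Permissions",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "kms:*",
    "Resource": "*"
  }]
}""")

# Constructed sample: administration stays with root, but the only principal
# that can decrypt is the restore role, and only via S3 in one region. The
# backup writer can create data keys for new objects but cannot read old ones.
# Note that kms:Put* still includes PutKeyPolicy, so whoever holds it can
# rewrite this policy; restrict that to a dedicated key-admin role if needed.
HARDENED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "KeyAdministration", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["kms:Describe*", "kms:Enable*", "kms:Disable*", "kms:List*",
                "kms:Put*", "kms:Update*", "kms:Get*",
                "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"],
     "Resource": "*"},
    {"Sid": "BackupWriterEncryptOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/backup-writer"},
     "Action": ["kms:Encrypt", "kms:GenerateDataKey"],
     "Resource": "*",
     "Condition": {"StringEquals": {"kms:ViaService": "s3.us-east-1.amazonaws.com"}}},
    {"Sid": "RestoreRoleDecrypt", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/backup-restore"},
     "Action": "kms:Decrypt",
     "Resource": "*",
     "Condition": {"StringEquals": {"kms:ViaService": "s3.us-east-1.amazonaws.com"}}}
  ]
}""")


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Flatten the Principal element into a list of principal strings."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    found = []
    for key in ("AWS", "Service", "Federated"):
        found.extend(_as_list(principal.get(key)))
    return found


def _grants_decrypt(stmt):
    """True if any Action pattern in the statement matches a decrypt action."""
    patterns = [p.lower() for p in _as_list(stmt.get("Action"))]
    return any(fnmatch.fnmatchcase(action.lower(), pat)
               for pat in patterns for action in DECRYPT_ACTIONS)


def decrypt_principals(policy):
    """Return the set of principals an Allow statement lets decrypt."""
    found = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow" and _grants_decrypt(stmt):
            found.update(_principals(stmt))
    return found


def broad_decrypt_findings(policy):
    """Flag unconditional decrypt grants to '*' or to an account root."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _grants_decrypt(stmt):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for principal in _principals(stmt):
            if "Condition" in stmt:
                continue
            if principal == "*":
                findings.append(f"{sid}: any principal can decrypt")
            elif principal.endswith(":root"):
                findings.append(f"{sid}: decrypt delegated to account root, "
                                "so any IAM policy in the account can grant it")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, sorted(decrypt_principals(policy)), broad_decrypt_findings(policy))
```

Run against the weak policy the checker reports that root can decrypt and that the grant is unconditional; against the hardened one it reports only the restore role and no findings. Swapping in a real policy exported with `aws kms get-key-policy` is the intended use.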
Microsoft Azure's guidance, published in a similar article in late August, focused on what to do before and during a ransomware attack.
Here, Azure’s principal content developer, Terry Lanfear, warned of the long-term effects of ransomware: “The real damage is often done when the attack exfiltrates files while leaving backdoors in the network for future malicious activity—and these risks persist whether or not the ransom is paid.
Unlike early forms of ransomware that only required malware remediation, human-operated ransomware can continue to threaten your business operations after the initial encounter.”
Google Cloud was earliest, laying out its five pillars of ransomware defence back in May.
These were identifying risks to your organisation, putting safeguards in place, detecting potential cybersecurity incidents, activating a response programme, and building a recovery strategy for core assets, mirroring the five functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover).
In this article, Google Cloud’s chief information security officer, Phil Venables, and VP of security, Sunil Potti, stressed how ransomware attacks are continuously evolving: “Ransomware groups have evolved their tactics to include stealing data prior to it being encrypted, with the threat of extorting this data through leaks.
Additionally, some ransomware operators have used the threat of distributed-denial-of-service (DDoS) attacks against victim organizations as an attempt to further compel them to pay ransoms. DDoS attacks can also serve as a distraction.”