Thanks to the recent ransomware outbreaks, WannaCry and NotPetya, most organizations are now on the watch for ransomware threats. Some may have even spent time and money fighting ransomware attacks of their own, or have put an effort into keeping their business from becoming a victim.
Many organizations, though, have focused less attention on protecting the cloud from ransomware attacks.
Although the cloud isn’t any safer from a ransomware attack than any other environment, the properties of the cloud means that preparations need to be handled differently. For instance, cloud strategy often employs a different way of communicating and notifying individuals by requiring a different set of controls. It can even utilize a different set of personnel.
Ransomware and the IaaS Cloud
If your organization is using an Infrastructure-as-a-Service (IaaS) platform that allows for more OS visibility, it also opens your cloud for more issues, which can make the environment more attractive for ransomware.
The difference between ransomware in an IaaS cloud and other cloud environments is the ransomware discovery process, the organization’s response to the discovery of ransomware, and the steps it takes to protect the data in the cloud from the threat.
Other cloud models aren’t safe from ransomware either, including SaaS (Software-as-a-Service). This means that data stored in storage solutions like Dropbox and Google Drive can become compromised. Then, the changes will be uploaded from a business’ local storage into their cloud.
Protection strategies for the cloud
There are several ways that businesses can better protect their cloud environment from ransomware. The most effective is to have (and exercise) response and escalation procedures. Organizations can also prepare by having the answers to several scenarios, including:
- How will we be notified of an attack?
- What are the requirements for those taking responsive action?
- What are the notification pathways?
- Who will be notified?