The next wave of ransomware
- 17 June, 2019 09:00
Cybercrime, specifically ransomware, is evolving to match business cloud trends with ransomcloud, the next wave of ransomware, set to become a key concern for organisations within the next few years. While cloud services can significantly boost the ease and efficiency of data management and business communication, organisations shouldn’t rely on cloud service providers to protect their information. And, if hackers access cloud networks, the implications could potentially be devastating. In response to ransomcloud, organisations need to back up data in separate locations and educate their employees.
Although not yet mainstream, ransomcloud sees cybercriminals embedding ransomware into cloud services. Hackers often engage in relatively simple and inexpensive ‘spearphishing’ campaigns, which, if successful, let them access cloud-based email accounts all over the world. If attackers manage to access an employee’s email account, this could jeopardise an entire company.
Spearphishing involves cybercriminals creating malicious emails designed to appear legitimate and fool victims into clicking on dangerous links or opening infected attachments. Sometimes hackers will even design emails to appear as though they come from a trusted source like Microsoft, which prompts recipients to download software updates, or click to access more information about a new service. These updates or changes will then likely request the user to provide usernames and passwords, giving hackers access to the user’s emails and information.
Once cybercriminals behind spearphishing attacks get into a cloud-based email account, they can view the victims’ emails, and send additional spear phishing emails from the compromised account, impersonating the victim to colleagues, management, friends, and family. Ransomcloud encrypts compromised email accounts, prohibiting users from accessing them. This means employees, and eventually, organisations, are locked out of their own emails and files until they pay the ransom.
Spearphishers will usually demand a virtual currency payment from organisations seeking to take back control of their cloud-based email and information. Many organisations, including small and medium businesses, will chose to pay this ransom. They do this because they know that hackers in the cloud can view and misuse a host of stored information, including payment and finance data, employee details, and confidential customer and client documents, which can result in painful ethical and legal ramifications.
It’s therefore critical for organisations to have sophisticated back-up plans in place, to enjoy the many benefits of the cloud without losing control over cloud-based platforms and software.
First, organisations need to realise that the cloud doesn’t guarantee information security. As more accounts, devices, and information become cloud-based, organisations should choose a managed service provider (MSP) with the specific qualifications and skills to assist with recovery from ransomcloud attacks.
MSPs can also help organisations back up their information locally, so even if ransomcloud attackers compromise one cloud-based platform, they can never completely separate organisations from their data. Organisations can also benefit from having an additional cloud service hosting data copies. A software-as-a-service (SaaS) protection tool can also boost organisations’ defense against ransomcloud threats.
In the workplace, it’s important for organisations to educate employees about ransomware risks, and promote strong security hygiene practices. Training sessions can help employees know how to identify suspicious emails, even if they appear to come from a legitimate source. Training can also ensure employees know what to do when they notice emails or network activity that seems out of the ordinary, so threats can be addressed as soon as possible.
It’s essential that organisations using or considering the cloud account for the ways ransomware and cybercrime are gaining traction in these areas. As cloud services take off, attackers are looking for new ways to make money and cause damage. Ransomcloud is an emerging threat, and organisations should prepare to increasingly combat cloud-based security challenges over the next few years.
James Bergl is sales director, Australia/New Zealand, Datto and an executive council member ANZ, CompTIA.