Ransomware: Is Cloud Security Threatened?

The avalanche of recent attacks, such as the WannaCry Ransomware, proves that cybercriminals have been successful in creating new techniques and tactics that easily bypass traditional computer network security.

The global ransomware attack that took place in May 2017, affecting more than 200,000 computers in over 150 countries, scared business owners and governments around the world. Important services were forced to restrict their operations and leave many people in vulnerable situations, as was the case with some UK hospitals.

The escalation of the attack surprised even IT and cybersecurity specialists, who had always worked in anticipation of an incident of this severity. Security issues like this make us wonder: would the adoption of cloud computing be compromised and we would have a cloud abandonment?

Ransomware set to dominate in 2017

The WannaCry attack and its variants occurred due to an exploit on the computer through the Windows Server Message Block (SMB) protocol, used to share files. This exploit, known as EternalBlue, was stolen from a group linked to the National Security Agency and posted on an obscure website. Any Windows computer successfully attacked by EternalBlue would grant the hacker complete access to it.

What caught the attention of WannaCry was that there is a huge gap in organizations' understanding of why managing and patching fixes is so important. Many times the corrections released by the manufacturers of operating systems or any type of software on the market are considered optional or even unknown.

It is important to highlight the importance of keeping legacy systems up to date and the most current, whenever possible. The patch to fix the security hole problem had been released by Microsoft two months before the ransomware attacks.

According to MalwareBytes Labs, if the patch had been installed on all machines, WannaCry would hardly have touched computer networks, since the initial infections were done not through phishing emails, but due to the exploit exploited. by ransomware.

Planning and strategy for upcoming attacks

Many organizations delay patching due to fear of affecting operating systems, and patches are either never installed or are delayed. Furthermore, initial infections often occur because a user opens a phishing email and clicks on a malicious link or opens a corrupted file, which installs the ransomware.

The most important defense an organization can use is user education regarding phishing attacks and the application of well-defined security policies and processes . Education needs to be conducted regularly, always demonstrating to users the real risk.

The importance of cloud computing against ransomware attacks

Organizations need to accept that the risk of attacks such as ransomware will always exist on their networks. The key, then, to reduce this probability is the set of security features that can be applied to every structure offered, such as AWS.

As ransomware attacks get smarter, it's important that data protection systems are stepped up. Investments in this area will certainly be a strategy adopted by cloud computing providers like AWS.

Systems related to disaster and data recovery, such as the use of backups, are some examples of resources that must be used to guarantee information security. When tested regularly, they are of the utmost importance. Security policies, such as having at least one backup copy physically separated from the main computer network are ways to prevent ransomware from being able to spread throughout the company.

Associated with all of this, shared responsibility between suppliers and customers is critical to minimizing attacks. Even if new protection solutions and security policies are offered by vendors, it won't help if customers don't do their part. Cloud computing will definitely be an ally in the fight against ransomware attacks.

Keep following us through our blog and social networks. Get in touch with Sky.One and find out how our professionals can help with your cloud adoption and migration projects.