Ransomware attacks can have devastating effects on businesses - we know that already. What is less well known is that cloud-based platforms aren’t as invulnerable to these attacks as we think.
Early last year, a white hat hacker (one of the good guys), Kevin Mitnick, Chief Hacking Officer of cybersecurity company KnowBe4, identified a potential chink in cloud-based platforms’ armour. Dubbed “RansomCloud”, this type of ransomware would take advantage of the cloud’s vulnerabilities and could encrypt email accounts like Office 365 and Google in real time.
Why is This Significant?
Mitnick’s discoveries are significant because if he has spotted the vulnerability, the bad guys (“black hat” hackers) will spot it too.
If you were the target of cloud-based ransomware like this, it means it’s not just your physical drives and systems that are at risk. Your online accounts too can be accessed and locked by cybercriminals. Imagine the devastation that could be caused if a piece of ransomware could infect both platforms.
Similar to other types of ransomware, RansomCloud will trick victims into installing malicious software via phishing scams. Once the hackers have access to the victim’s computer, they hold files hostage and demand payment (a ransom fee) for their safe return.
However, unlike traditional types of ransomware, RansomCloud will target cloud-based systems. This means all of the data you hold in cloud-based storage solutions and workspaces, such as Office 365 and Google, is now in danger unless you take preventative action.
How RansomCloud May Work
Mitnick’s RansomCloud starts with a phishing email. The most common approach comes under the guise of an official-looking email. In Mitnick’s demonstration, it’s an email saying that Microsoft is working to improve their cloud security and is offering a new piece of anti-spam software. All you need to do is click on the link to try this software out.
Because it looks official and not the slightest bit suspicious, there’s no harm in clicking on this link. Right?
Well, as soon as you click on the link, the hackers will be given access to your cloud solutions and the files stored there. And because it’s ransomware designed to infiltrate the cloud, it won’t just be your computer files at risk. Your emails and any other files you’ve got stored online will be scrambled and encrypted in real time.
You’ll then be notified that your files have been encrypted and that you’ll need to pay in order to regain access to your data.
Watch the demonstration video below to see an example of what could happen.
Although RansomCloud isn’t real, the potential is there. It still highlights the fact that the cloud isn’t as immune to ransomware attacks as we initially might think. And because this vulnerability isn’t yet being exploited, there’s sadly no one way to protect yourself from a potential attack.
However, there are some best practices you can follow to protect your business. After all, the most realistic and proactive approach is user awareness. You should be aware of the problem, no matter how likely or unlikely it might be, and work vigilantly to prevent it from happening.
Best Practices to Protect Your Business
When it comes to vulnerabilities like this, sadly, there isn’t one catch-all solution. However, do consider the following tips for best practice when it comes to staying safe…
Train Yourself and Your Team to Recognise Suspicious Emails
Ransomware is typically spread through emails with malicious attachments and links. That’s why it’s vital you and your team know how to recognise suspicious emails so you don’t click on them and unleash a ransomware attack onto your company’s systems.
Know that Although Cloud Services Automatically Back Up Data, You Need to Do it Yourself Too
Cloud services automatically back up data, but it’s for their own records. That means if a cloud-based ransomware attack strikes and you lose all of your data, you can’t call up, say, Google and ask them to restore your data. You need to be doing this off your own bat anyway.
It’s not just about having backups either. You also need to store these backups in different locations. Don’t have them all in one place because if hackers happen to target this one area, you’ll not only lose your original data - you’ll lose your backups too. That’s why you need to have different versions of these backups in a variety of places, such as in a cloud-based storage system and a portable hard drive.
Ensure that you keep track of this though, otherwise it’s easy for your storage structure to become disorganised.
Use Multi-Factor Authentication
As well as storing your backups in a variety of different locations, you should also consider how this data will be protected. For instance, encrypting your backups and having a multi-factor authentication process in place will make it much harder for hackers to access your vital data.
Use Web Filtering
You’ll be more vulnerable to ransomware attacks if your business network isn’t properly protected. Web filtering can act as a shield against visiting suspicious websites and inadvertently downloading malware from the internet.
Have a Disaster Recovery Plan
It’s important that you have a Disaster Recovery Plan in place because disastrous incidents can strike in a number of different forms. Whether it’s someone in your team accidentally wiping their computer hard drive or a ransomware attack locking all of your critical data, you need to be prepared.
A Disaster Recovery plan contains a set of procedures that protect your business and help you recover in the event of a crisis. It helps to minimise the effects of a disaster, and the amount of data that can be saved depends on the type of plan you choose.
One important feature of a Disaster Recovery plan that separates it from data recovery is the replication of data rather than backups.
Replicated data is as the name suggests: an exact copy of your original data that is updated in real time, while backups are snapshots taken at specific times. If your backups are scheduled to happen every 24 hours and a disaster happens 12 hours after the last one, you’d lose a day’s work if you restored via the backup.
Replicated data, however, allows a business to return immediately to the point they were at before the disaster, which minimises downtime and prevents the consequences from being too severe.
Despite this, you also need to remember that because replications occur in real time, if they end up replicating the disaster’s effects, the replicated data will be useless. In that case, you’d need to refer to the backups - as long as the disaster hasn’t spread to the backups too. Either way, it pays to be proactive and have both types of data.
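The choice between replicated data and backups described above can be worked through in code. The following Python is an added example, not part of the original article: the copy names, storage locations and dates are constructed for illustration, and it extends the 24-hour backup scenario to backups kept in more than one location.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Copy:
    name: str
    location: str           # where this copy is stored (hypothetical labels)
    taken_at: datetime      # the moment the copy reflects (ignored for a replica)
    realtime: bool = False  # True for a replica that mirrors every change

@dataclass(frozen=True)
class Incident:
    started_at: datetime
    propagates: bool        # True if the damage is mirrored to replicas (e.g. encryption)
    compromised: frozenset  # storage locations the incident reached

def is_clean(copy, incident):
    """A copy is usable only if the incident neither reached nor was mirrored into it."""
    if copy.location in incident.compromised:
        return False
    if copy.realtime:
        return not incident.propagates
    return copy.taken_at < incident.started_at

def pick_restore_point(copies, incident):
    """Return (copy, work_lost) for the freshest clean copy, or None if none survive."""
    best = None
    for copy in copies:
        if not is_clean(copy, incident):
            continue
        # A clean replica is current up to the incident; a backup only to its snapshot.
        lost = timedelta(0) if copy.realtime else incident.started_at - copy.taken_at
        if best is None or lost < best[1]:
            best = (copy, lost)
    return best

# Constructed sample data: nightly backup at 00:00, incident 12 hours later.
T0 = datetime(2024, 1, 10, 0, 0)
COPIES = [
    Copy("replica", "replica-site", T0, realtime=True),
    Copy("nightly-cloud", "cloud-storage", T0),
    Copy("portable-drive", "office-safe", T0 - timedelta(days=3)),
]
NOON = T0 + timedelta(hours=12)
WIPED_DRIVE = Incident(NOON, propagates=False, compromised=frozenset({"laptop"}))
RANSOMWARE = Incident(NOON, propagates=True, compromised=frozenset({"laptop"}))
RANSOMWARE_HIT_CLOUD = Incident(NOON, True, frozenset({"laptop", "cloud-storage"}))
```

Calling pick_restore_point(COPIES, RANSOMWARE) skips the replica because it mirrored the encryption and falls back to the nightly backup. With RANSOMWARE_HIT_CLOUD, only the portable drive kept in a separate location is left.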
What if I Don’t Have a Disaster Recovery Plan in Place?
It’s not the end of the world if you don’t have a Disaster Recovery plan in place but it will make it much harder for you to restore business continuity. And this can have a negative overall impact on your company.
While there are ways to recover your data, there’s no guarantee that your data will be retrieved in one piece. Data retrieval can be made much easier if you have backups but in most cases, data recovery experts will only be able to recover some of your data. It’s also an expensive and time-consuming process, so your business can suffer from long periods of downtime which can affect productivity and revenue.
So, the bottom line is that it’s much better to be proactive and have a Disaster Recovery plan to back you up in the event of a crisis. That way, you lose minimal data and business continuity can be smoothly restored without you breaking much of a sweat.
Interested in Finding Out More About Ransomware and Ways to Protect Your Business?
Ransomware has been a threat to businesses since 1989 and it doesn’t look like it’s going away any time soon. It’s important that you take precautions to ensure your business is prepared for any potential attacks. At Silverbug, we offer expert solutions to any IT-related problem, from minor issues to serious instances of cybercrime.
We’re a trusted Microsoft Managed Partner, which reflects our dedication to hard work and innovation. For more information on the wide range of IT services we offer, download our free guide below.