nobeastsofierce - Fotolia
Ransomware has been a persistent threat to organizations of all sizes. As companies increasingly transition to cloud-based platforms, they must consider how ransomware can attack cloud storage.
There are many different types of cloud storage and numerous cloud storage providers. In addition, individual providers often offer several different classes of cloud storage, including file, archive and object storage.
This discussion will refer to generic cloud storage. While some cloud providers may offer security mechanisms designed to combat ransomware, these capabilities are not completely effective, nor are they standard across all cloud providers.
Consider the nature of ransomware, which has existed for many years. Early on, ransomware was somewhat unsophisticated. If a user fell victim to a ransomware attack, the damage was often limited to the contents of the user's hard disk.
Over time, however, ransomware authors began to realize that high-value data was often stored on back-end servers, rather than solely on someone's hard disk. As such, ransomware evolved to encrypt the contents of network shares. Some modern ransomware is even designed to attack specific applications.
How ransomware works and how to stay safe
Ultimately, there are two main pieces that determine the effectiveness of a ransomware attack on cloud storage. The first of these factors is the ransomware's capabilities. All ransomware is not created equally -- just as not all cloud storage is created equally. Some ransomware variants are more effective on cloud storage than others.
The other factor is the level of permissions that IT has granted to the user who inadvertently launched the attack. In general, ransomware can attack anything to which the user is connected and has access. If an end user's computer has a network drive mapped to cloud storage, then a ransomware attack could presumably encrypt any data on the cloud share the user can access. In other words, the ransomware doesn't care whether the data resides locally or remotely. Attackers simply design it to be as destructive as possible.
The best thing organizations can do to prevent ransomware from infecting cloud storage is to limit user permissions. Employees should not have access to anything that is not specifically required for them to do their jobs. Organizations should also implement malware protection on endpoints and enable any malware protection features that the cloud provider might offer.
Dig Deeper on Cloud storage
Related Q&A from Brien Posey
Microsoft Teams storage limits can be complex for organizations to track. Learn the details and how to add Microsoft 365 storage to avoid capacity ... Continue Reading
Consider the fine print of encrypting data at rest. For example, access control permissions can make or break a storage encryption plan. Continue Reading
It's critical for an organization to know what data it needs to retain and where to store it. Some data is required for retention by law, so a ... Continue Reading