nobeastsofierce - Fotolia

How can ransomware attack cloud storage?

A ransomware attack on cloud storage can have catastrophic effects. Cloud storage is still online, which means it is susceptible to some cyberattacks, so users must be careful.

Ransomware has been a persistent threat to organizations of all sizes. As companies increasingly transition to cloud-based platforms, they must consider how ransomware can attack cloud storage.

There are many different types of cloud storage and numerous cloud storage providers. In addition, individual providers often offer several different classes of cloud storage, including file, archive and object storage.

This discussion will refer to generic cloud storage. While some cloud providers may offer security mechanisms designed to combat ransomware, these capabilities are not completely effective, nor are they standard across all cloud providers.

Consider the nature of ransomware, which has existed for many years. Early on, ransomware was somewhat unsophisticated. If a user fell victim to a ransomware attack, the damage was often limited to the contents of the user's hard disk.

Over time, however, ransomware authors began to realize that high-value data was often stored on back-end servers, rather than solely on someone's hard disk. As such, ransomware evolved to encrypt the contents of network shares. Some modern ransomware is even designed to attack specific applications.

How ransomware works and how to stay safe

Ultimately, there are two main pieces that determine the effectiveness of a ransomware attack on cloud storage. The first of these factors is the ransomware's capabilities. All ransomware is not created equally -- just as not all cloud storage is created equally. Some ransomware variants are more effective on cloud storage than others.

Ransomware incident response steps

The other factor is the level of permissions that IT has granted to the user who inadvertently launched the attack. In general, ransomware can attack anything to which the user is connected and has access. If an end user's computer has a network drive mapped to cloud storage, then a ransomware attack could presumably encrypt any data on the cloud share the user can access. In other words, the ransomware doesn't care whether the data resides locally or remotely. Attackers simply design it to be as destructive as possible.

The best thing organizations can do to prevent ransomware from infecting cloud storage is to limit user permissions. Employees should not have access to anything that is not specifically required for them to do their jobs. Organizations should also implement malware protection on endpoints and enable any malware protection features that the cloud provider might offer.

Next Steps

5 ways bad incident response plans can help threat actors

5 tips for primary storage ransomware protection

Dig Deeper on Cloud storage

Disaster Recovery
Data Backup
Data Center
and ESG