“Attention! All your files have been encrypted.” More and more businesses are being greeted with messages such as this one, with ransomware attacks against businesses having increased threefold last year.
Advice for preventing ransomware – which is malicious software that encrypts devices or data until the owner pays a ransom in exchange for access to their data – is typically something to the effect of “back up your data off-site so you don’t have to pay the ransom.” In response, businesses may vault their data in the cloud, assuming that it is secure and they no longer have to worry about the threat of ransomware as long as the backups are up to date.
To be sure, backing up data in the cloud is a good strategy. However, rapid adoption of on-demand cloud applications could be putting an organisation’s cloud backups at risk. In fact, a recent Netskope report found that 43.7 per cent of the malware found in the cloud is carrying ransomware. Below are some of the top ways ransomware can spread via the cloud.
Employees downloading unauthorised cloud applications
Employees can easily sign up for cloud applications, as many cloud services by nature enable users to bypass company and country security policies. When employees open accounts with unauthorised cloud services – whether they are software services, file-sharing applications or payment processors, IT staff are not able to monitor the apps appropriately and ensure proper security measures are implemented. This lack of security monitoring dramatically increases the likelihood of ransomware being introduced to the network. What employees may not realise is that the increased possibility of new security breaches essentially negates any gains made by the cloud applications. Worse, if the cloud provider itself is attacked, all its customers could be affected as well.
To put the risk into perspective, 1 in 10 of the enterprises monitored by Netskope yielded ransomware-infected files in sanctioned cloud apps. Although the report did not cover unsanctioned applications, it stands to reason that ransomware would be even more rampant in these, as they are not monitored by IT staff.
Syncing and sharing
Malware and malicious files and links can spread rapidly through an organisation, and more sophisticated ransomware is now using the cloud to spread. Imagine an employee opens a suspicious email attachment and downloads ransomware to their computer, encrypting all the files in their “Documents” folder. The employee has granted a file-sharing application access to this folder, and the application automatically syncs the infected files to the cloud account. Multiple other employees’ computers are also synced with the cloud folder containing the malware, and the moment they click on any of the infected files, the ransomware spreads to their systems as well.
One new variant of ransomware in particular, called Virlock, uses this method to spread. Unlike other ransomware strains, it does not tell the user their device has been infected by ransomware. Instead, it displays an official-looking message claiming to be an anti-piracy warning from the U.S. Federal Bureau of Investigation. The message demands the payment of a fine to avoid incarceration – a tactic designed to coerce businesses into paying the ransom.
Using personal devices for work
Bring your own device (BYOD) is ubiquitous now. Odds are, employees are using their personal devices for work whether or not BYOD is sanctioned by their employer. Unfortunately, access to data anytime, anywhere means more entrypoints into the network, and employees are typically less vigilant about security when it comes to their personal devices and are more likely to connect to public networks.
When employees fail to observe proper security measures, this can result in both their personal data and their employer’s data being held hostage. With 4 per cent of all mobile devices containing malware, ransomware is a real possibility. And, of course, this risk is exacerbated if the employee uses sync-and-share applications on their mobile device.
How can businesses prepare for these threats?
Businesses should continue to back up data both on-site and in the cloud, but with hackers taking advantage of the on-demand nature of the cloud to perpetrate ransomware attacks, businesses must take additional protection measures.
The first line of defence against ransomware is employee education and accountability. To encourage employee engagement, businesses should emphasise the following key points when training employees:
- Exercising caution when using personal devices for work not only protects corporate data but employees’ personal data as well. To keep information safe, employees should be encouraged to avoid connecting to public WiFi networks, be wary of clicking on links in emails and notify their IT department immediately if they suspect their device has been infected by ransomware.
- Sensitive employee information is stored on the company network as well. Once malware infiltrates the corporate network, it can spread to other areas – including human resources files containing employees’ sensitive information. Employees can do their part to protect any data stored on the corporate network by working with IT administrators to understand how to identify phishing emails (e.g. typos, misspelled words and mismatched domain names). Additionally, they should be instructed to only download content or software from trusted sources and immediately run all software updates when prompted.
- They learn valuable cybersecurity skills to apply in their personal lives. Do they know the telltale signs of a phishing email? Or what type of password is most secure? Or whether putting off computer updates really hurts anything? Knowing the answers to questions such as these is key to being security conscious at work, but they’re just as applicable at home.
Now that ransomware can spread more rapidly than ever before via the cloud, generating awareness of how to prevent ransomware is essential. Employees must be educated on how their security habits can negatively impact the organisation ‒ and even their personal data as well. The time to build awareness is now – not when the hacker delivers that dreaded message: “Attention! All your files have been encrypted.”