Ransomware Attackers begin to hit Cloud Infrastructure

Over the past few months, it’s become clear to ransomware attackers that governments and large companies are willing to pay up big when it comes to regaining access to their data. A few weeks ago, a Floridian city handed over $600,000 ($885,000 AU) to hackers who locked the city’s computer systems.

Fast forward to this month, and ransomware hackers have turned their sights away from single-user attacks, and toward data centres, cloud services and enterprise servers. Without a doubt, this is disturbing news when it comes to the smooth operation of some of the world’s most essential services.

You won’t need to look too far into the cloud computing industry to see that this new focus for ransomers is significant. Companies like Apple, Amazon and Facebook all rely on data centres for their services to operate correctly, and a single lockdown could cut services including messaging and VoIP calling to the entire planet.

Here’s What’s Changed

In the past, ransomware attacks were primarily limited to personal computers, where files on home and work computers were encrypted, and a fee was demanded for the return of data. However, as ransomware businesses look to increase revenue, new targets are now large organisations who rely on cloud networks.

As reported recently be industry experts, ransomware now hacks and encrypts back-up data stored in cloud service networks. With the potential for such a severe impact on the daily life of those around the globe, cybersecurity company Vectra spotlighted these new attacks in their latest ransomware report.

The company stated;

‘Because the goal in a ransomware attack is to propagate as wide and as quickly as possible, it is desirable for file encryption to occur beyond the local files. When the infected computer has access to documents in network share volumes – with their high-capacity data storage – that single host can lock access to documents across several departments in a targeted organisation.’

What this essentially means is that it’s now in a ransomware company’s best interest to attack global infrastructure, rather than smaller localised businesses.

Global Target Industries

As we noted above, there has been a significant shift away from attacking personal computing, and there are now a few primary targets on the receiving end of system-crippling ransom attacks.

On a global scale, the most common target, by far, is the financial industry. Ransomware attackers understand the importance of personal data held by these companies, and locking access to it almost immediately results in payment-to-unlock.

Vectra head of Security Analytics outlined that, ‘Banks have money, lots of it – and usually belonging to other people. Downtime at a bank means people lose access to their money, which is expensive. That means a bank is more likely to pay a ransom to get back encrypted data.’

Other industries commonly targeted include insurance, education and governments.

Protecting Your Business

Unlike in the past, keeping devices running the latest software versions and installing anti-virus programs won’t work effectively. Companies are going to need to be more intentional and robust when it comes to protecting workplace infrastructure, and this involves keeping back-ups offline at all times.

It’s also recommended that you forgo paying the ransom until you have an expert take a look into the devices affected. You may find that they can be unlocked for free, and there is no guarantee the attackers will unlock the devices after the ransom is paid.

Keep in mind that a solid vpn solution should also be in place when data sharing and backing up within the workplace is concerned. It’s highly advised that all communication remains encrypted to reduce the likelihood of ransomware attackers accessing your local data.

---

Categories: News