Lessons to Learn from Recent Ransomware Attacks on Cloud Services

The cyberworld has constantly faced trouble from attackers in various ways. Giants like Marriott International and Twitter went through the struggle of a user data breach in 2020. Among more recent incidents, EasyJet also revealed that it was hit by a cyberattack that affected 9 million customers. Let’s look at some recent cyberattacks:

iNSYNQ MegaCortex Ransomware Attack

iNSYNQ, a leading cloud hosting provider, suffered a MegaCortex ransomware attack in July 2019. The company made an official announcement on July 16 (a couple of hours after the attack) as its customers were unable to access their files. Not much information was disclosed, but the attack was planned for almost 10 days, and the ransomware entered the system through a phishing email.


Company chief executive Elliot Luchansky also informed the customers about the attack, followed by a couple of mass emails. He stated that they were able to control the attack on 50 percent of customer systems, that the attack targeted small files (including backups), and that QuickBooks and Sage files were not affected. iNSYNQ also hired a third-party cybersecurity firm to get their data back and conduct further investigation.

Luchansky also said that the hackers demanded a significant amount (he did not reveal the exact amount), and the company was ready to pay the sum in Bitcoin. However, the company also understood that paying the ransom would make it a future target. Thus, they decided against it and are still working to recover from the attack.

Cloudnine Realtime Ransomware Attack

Cloudnine, a cloud hosting provider, was hit by ransomware that disrupted service availability for some days. A letter from Alessandra Lezama, CEO of AbacusNext (the company that acquired Cloud9 Realtime in Feb this year), claims that data centers located in California and Texas, which host nearly 30% of the clients, were affected.

Data centers located in California were recovered on the day of the attack, but the Texas-based data centers took longer. The letter also mentions that all the files were recovered successfully without any permanent loss, but it does not say whether the client data was just encrypted or also accessed by the attackers, which can be considered a sign of trouble that still looms large on the horizon.


The company is known for serving accounting sector clients, and because of the attack, several clients were not able to access their accounting applications and data. When the issue started, the company's support team reportedly assured customers that it would be resolved in some time.

However, the issue persisted for a long time, and some customers even reported that customer support later stopped responding to calls and emails.

Understanding Ransomware Attacks

Ransomware is malware that accesses the data and encrypts it into an illegible (or inaccessible) format. The attacker then demands a ransom from the data owner to revert the data to its original format. The popularity of Bitcoin has also attracted the attention of such attackers, as it is the method in which ransom is mostly demanded.

The number of such attacks has increased in recent times. Individuals, businesses of all sizes, and even government bodies have been victims of such cases. Different victims have chosen different ways to handle the attack. While some paid the ransom, others managed somehow to recover the data. A few ended up losing the data permanently as well.

Prevention is Better Than Cure. Always!

An attacker's access to the data is what makes it possible to launch the ransomware. Here are some of the ways that can help you stay safe:

1. Secure storage of the data:

Password protection is the primary step in securing data. Verizon DBIR 2017 suggests that 81% of the breaches are caused because of passwords, which could have been stolen and/or weak. So, keep your passwords protected. Changing them often, and to strong ones, is the way to go.

Opting for end-to-end encryption is another important step, especially for storage that involves network transfer. It ensures that data is not compromised during network transmission or in cloud-based storage.

2. Be Watchful with Emails

Email has long had a reputation as an entry point for malware. 66% of the malware is installed over email attachments, according to Verizon DBIR 2017. If the links mentioned in emails are also taken into consideration, the numbers will soar further.


As users and email service providers strengthen their ends to block the attacks, the attackers are opting for enhanced methods to trick their way around. It has been found that some attackers involve the victims in email threads to gain trusted access to their email before sending any malicious element.

The attacker may even use an email domain that resembles that of a contact the victim often interacts with. By posing as someone known, they lay the path for their attack or malicious software.

3. Software Installation Needs Attention

Software makes life easy, but at times it can do the complete opposite. Many software packages, especially the free ones, bring with them various malware such as spyware, adware, etc. Be watchful with the software vendor. They must be trustworthy. But the job is not over with that.

Attention is required for the installation process as well – which mandatory permissions the software requests, does it carry any add-on software, etc. Do not click ‘I Agree’ without reading what you are supposed to agree with.

Important Considerations with Cloud Services

Security was a prime concern with cloud services when they arrived in the market. With improvements in security technologies over the years, cloud services have come up as a reliable and secure host for data and applications. At the same time, attackers have discovered newer ways to intrude and cause trouble, such as ransomware attacks.

To stay protected while working on cloud services, here are some ways you can adopt.

1. Pick a reliable cloud service provider

Almost every cloud service provider claims to be safe. So, how do you make your pick?

Question them on security technologies and practices that they offer. Experience with the services is also an indication of their ability to tackle attacks. Maintaining a clean sheet for years in continuity speaks a lot for them. You can also demand their disaster management plan and SLA.

Before making a choice, test them on trial. Some brands even prefer to get the third-party security analysis report. Once you are satisfied on all these grounds, choose the service provider.

2. Data centers, their location, networking, and backup

You can consider data center location, cross-data center networking, and backup practices to gauge the reliability of cloud service providers. Usually, service providers opt for third-party data centers because of various positive reasons. Therefore, being aware of the data centers on which your data and applications will be hosted can play a crucial role.

3. Availability of support

In the case of the Cloud9 attack, a major setback for the clients was the unavailability of customer support for a significant duration. It could be because of heavy customer queries that might have slowed down the response time. But in the professional arena, excuses are not usually accepted, however genuine they may be.

Responsive customer support adds to the client's trust when the services may not be at their best. Reassurance from company representatives keeps trust in the services intact, and it also keeps clients aware of the situation, which puts them in the right position to make decisions in such situations.



About Nolan Foster

With 20+ years of expertise in building cloud-native services and security solutions, Nolan Foster spearheads Public Cloud and Managed Security Services at Ace Cloud Hosting. He is well versed in the dynamic trends of cloud computing and cybersecurity.
Foster offers expert consultations for empowering cloud infrastructure with customized solutions and comprehensive managed security.
