Can Ransomware Infect Cloud Storage?

보호 June 16, 2022

Here are the essential things you need to consider regarding ransomware and your cloud storage strategy.

For starters, can ransomware infect cloud storage? The simple answer is that cloud storage is not inherently immune to ransomware. However, as we will explore, cloud storage can give you a significant data protection advantage with more flexible recovery options.

As ransomware attacks increase, many are wondering what they can do to protect themselves. As a natural response, cloud storage and backup vendors are positioning their technology as a solution to the ransomware threat.

In this post, we will discuss how cloud storage can be the cornerstone of your ransomware insurance plan, but also how it is not a silver bullet in and of itself. Thus, we will also explore some additional things you need to consider when leveraging the cloud in your ransomware strategy.

How Can Ransomware Infect Cloud Storage?

To fully understand how ransomware can infect cloud storage, let us examine the common approaches to cloud storage.

Your cloud storage is vulnerable to ransomware to a large extent by way of the fact that it is syncing with local data storage.

For example, a file sync-and-share solution like DropBox or OneDrive allows you to work on your files locally. Any changes that you make sync up to the cloud, right?

When ransomware strikes, it is going to rip through your files locally and encrypt them, and the file sharing engine is going to sync this change to the cloud storage copy as well. 

The same concept is true in enterprise scenarios with cloud storage gateways or other storage tiering solutions. The local copy is likely to become encrypted by the ransomware and sync up to the cloud.

Alternatively, if there is a pointer, it is liable to recall a copy of the item from the cloud and encrypt it and sync the encrypted version of the item back up to the cloud at some point.

Does Versioning Protect Your Data?

With versioning, the idea is that existing versions of your data are immutable. Since they cannot change, any modification is going to result in a new version.

Versioning is, therefore, an advantage against ransomware because the encryption attack is effectively going to result in a new version of your infected files.

However, not all cloud storage solutions have versioning, or versioning may not be turned on, so we recommend that you verify this with your cloud storage provider.

Recovery Considerations with Cloud Storage

If there is cloud storage versioning and it is enabled, then you need to see how versioning can come to the rescue in a recovery scenario.

After removing the ransomware, are you able to easily leverage the version history to recover your local data to the last known normal version? This assumes that the cloud storage solution you are using includes data recovery features. Not all do.

In the cloud storage, are you able to identify and expunge the bad version and promote the last known good version to become the latest version?

Cloud Advantages Versus Traditional Backup for Ransomware Protection

Ransomware is a new threat type that, for the most part, sidesteps your anti-virus scanning software which uses signature-based detection. For this reason, an in-depth ransomware defense strategy needs to be much more than having an up-to-date virus definition and making a regular backup of your data.

Consider also that it is possible for ransomware to go undetected for days or weeks before the problem is found. Ransomware often will not infect the entire content profile in an enterprise file system – usually just a portion. With the vast majority of data being stale, we may not bump into encrypted content right away. This is a knock against relying purely on traditional backups since you may recycle backups before learning that ransomware has infected some of your data. 

A data-aware hybrid cloud storage solution has distinct advantages for protecting against ransomware. First, it can detect abnormal file access or file modification activity, identify the user account, and block further action with an alert to the administrator. Furthermore, it can isolate the infected item versions and enable effective quarantine and recovery.

New Cyberattacks Require New Protection Strategies

With governments having an interest in perpetuating and leveraging vulnerabilities, and ransomware proving to be an effective strategy for attackers, you can expect cyberattacks to persist.

Will ransomware infect cloud storage? Absolutely. You need to build out strategies to prevent that from happening, but at the same time, you need to expect that it will and have a recovery strategy as well.

Veritas NetBackup SaaS Protection, aka NSP,  makes it possible for organizations to securely archive, backup, and manage file system data in the cloud to enhance data security, streamline recovery scenarios, reduce storage costs, and meet WORM storage compliance requirements.

Connect with us today to explore how the cloud can be an advantage to your ransomware protection strategy.

Geoff Bourgeois
Chief Cloud Strategist