{"id":354432,"date":"2021-10-18T15:00:31","date_gmt":"2021-10-18T12:00:31","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/what-is-ransomcloud-and-how-do-you-protect-yourself-cloudsavvy-it\/"},"modified":"2021-10-18T15:00:31","modified_gmt":"2021-10-18T12:00:31","slug":"what-is-ransomcloud-and-how-do-you-protect-yourself-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/what-is-ransomcloud-and-how-do-you-protect-yourself-cloudsavvy-it\/","title":{"rendered":"#What Is RansomCloud, And How Do You Protect Yourself? \u2013 CloudSavvy IT"},"content":{"rendered":"<p><strong>&#8220;#What Is
RansomCloud, And How Do You Protect Yourself? \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure style=\"width: 1200px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-14484\" srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/10\/35070844.png?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/10\/35070844.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/10\/35070844.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"1200\" height=\"675\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/portland-usa-mar-7-2021-aws-1931270819\">Tada Images\/Shutterstock<\/a><\/span><\/figcaption><\/figure>\n<p>RansomCloud is ransomware designed to infiltrate and encrypt cloud storage. Responsibility for the security of your data isn\u2019t as straightforward as you might think. We tell you what you need to know.<\/p>\n<h2 id=\"ransomware-and-ransomcloud\"><span class=\"ez-toc-section\" id=\"Ransomware_and_RansomCloud\"><\/span>Ransomware and RansomCloud<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Ransomware is a type of malware that infects a victim\u2019s computers and servers. It encrypts the files and data on those devices rendering the network inoperable. To reverse the process\u2014known as decryption\u2014requires a unique decryption key. The cybercriminals extort a ransom in exchange for the key.<\/p>\n<p>Ransomware is big business. 
Since the start of the COVID-19 pandemic, ransomware attacks have increased by 600%. In 67% of cases phishing emails are used to ensnare the victim. Phishing attacks are emails that are crafted to closely mimic emails from trusted sources, such as online services, banks, and other payment platforms like PayPal.<\/p>\n<p>The emails try to generate a sense of urgency. There\u2019s a problem that needs handling right now, or a special offer is closing soon\u2014don\u2019t miss out! Opening a tainted attachment will infect your computer. Clicking on a malicious link will take you to a bogus website that will harvest your credentials, or <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">download<\/a> malware to your computer.<\/p>\n<p>Meanwhile, the move to cloud computing continues unabated. One of the perceived attractions is improved robustness of operation and superior business continuity. The infrastructure that underpins the cloud offerings from service providers such as Microsoft, Google, Amazon is world-class. And if anyone knows security, it must be those titans of <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a>, right? That doesn\u2019t mean these platforms\u2014or any other platform, for that matter\u2014come with neatly parcelled fit-and-forget security. As you may expect, it\u2019s a bit more complicated than that.<\/p>\n<p>Cybercriminals have started targeting cloud platforms and services with ransomware attacks, giving rise to the name \u201cransomcloud.\u201d Whether you adopt a public cloud, hybrid cloud, or multi-cloud infrastructure, the cybercriminals want to get at your data. 
The more data you have in one place, the more attractive a target that place becomes. If that same data storage holds the data for many businesses, its value to the cybercriminals escalates.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>How To Prepare For and Fight a Ransomware Attack<\/em><\/strong><\/p>\n<h2 id=\"types-of-ransomcloud-attack\"><span class=\"ez-toc-section\" id=\"Types_of_RansomCloud_attack\"><\/span>Types of RansomCloud attack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There are three types of attack that can infect cloud storage.<\/p>\n<h3 id=\"piggy-backing-on-sync\"><span class=\"ez-toc-section\" id=\"Piggy-Backing_on_Sync\"><\/span>Piggy-Backing on Sync<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Most ransomware is delivered by phishing attacks. The first type of ransomcloud attack infects the victim\u2019s local computer. Phishing emails rely on an action from the victim such as attempting to open a bogus attachment or clicking a link. The attachment is unlikely to carry the malware itself. More often, they run a small program called a \u201cdropper.\u201d The dropper runs in the background and downloads and installs the actual malware. Clicking a link can initiate downloads too.<\/p>\n<p>The malware may present a popup to the user that looks like a permission request from a piece of trusted software. Instead of giving permission for, say, your anti-virus to scan the user\u2019s portion of your cloud storage, you\u2019re inadvertently giving access rights to the malware. The malware can now access that cloud.<\/p>\n<p>Once the victim\u2019s computer is infected the malware may distribute itself across the network from machine to machine, and server to server. Some ransomware looks for a file sync service that is communicating to a cloud service. 
It piggy-backs onto this and gains access to the cloud storage, infecting and encrypting the data in the cloud.<\/p>\n<p>Once access to the cloud has been established, the ransomware then triggers and encrypts the on-premise computers. It waits until it has either successfully infiltrated the cloud\u2014which it cannot do if it encrypts all the local computers straight away\u2014or it decides that there is no route to the cloud that it can compromise, and settles on a purely local infection.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>The Many Faces of <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Social<\/a> Engineering<\/em><\/strong><\/p>\n<h3 id=\"remote-connection-with-stolen-credentials\"><span class=\"ez-toc-section\" id=\"Remote_Connection_With_Stolen_Credentials\"><\/span>Remote Connection With Stolen Credentials<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The second type of attack infects the victim\u2019s local or mobile device. It steals the user\u2019s cloud credentials by monitoring network connections and watching authentication attempts. It may direct the user to a bogus web portal masquerading as the real cloud platform. When the victim signs into the fraudulent portal it harvests their credentials.<\/p>\n<p>By tracking keystrokes on the infected local computer, connection details can be copied by the malware to a remote computer. The same credentials are entered automatically by the remote computer. Even if two-factor authentication is in use, the local malware catches the keystrokes on the victim\u2019s device and relays them to the cybercriminals\u2019 remote computer.<\/p>\n<p>A simultaneous login from the cybercriminals\u2019 computer works because the ID and password they have eavesdropped from the victim\u2019s computer are correct, and the 2FA verification is the current, valid verification token.
So the cybercriminals now have a connection to your cloud from their own computer. That could be data storage, or it might be corporate email.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>Using 2FA? Great. But It&#8217;s Not Infallible<\/em><\/strong><\/p>\n<h3 id=\"attack-the-cloud-provider\"><span class=\"ez-toc-section\" id=\"Attacking_The_Cloud_Provider\"><\/span>Attacking The Cloud Provider<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A successful attack on a cloud provider is a major coup for the cybercriminals\u2014and a big payday too. They can compromise the entire platform and extort ransoms from some or even all of the customers of that service.<\/p>\n<p>In late August 2019, Digital Dental Record and PerCSoft told their 400 customers\u2014all dental surgeries\u2014that their DDS Safe cloud platform for dentists\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.dentalrecord.com\/assets\/images\/UpdateDDSSafe7.pdf\">had been hit by ransomware<\/a>. Approximately 400 dental surgeries had their data encrypted.<\/p>\n<p>On August 12, 2021 Microsoft were notified of a vulnerability in its\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/click.linksynergy.com\/deeplink?id=2QzUaswX1as&amp;mid=24542&amp;u1=csit\/14472&amp;murl=https%3A%2F%2Fmsrc-blog.microsoft.com%2F2021%2F08%2F27%2Fupdate-on-vulnerability-in-the-azure-cosmos-db-jupyter-notebook-feature%2F\">Azure Cosmos Database<\/a>, the software at the heart of its Azure cloud-offering. It was reported to them by a security researcher. Microsoft immediately mitigated the vulnerability. There is no evidence that the vulnerability was exploited.<\/p>\n<p>The vulnerability was in an open-source product called\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/cosmos-db\/cosmosdb-jupyter-notebooks\">Jupyter Notebook<\/a>\u00a0that was integrated into the Cosmos DB, and turned on by default. 
Microsoft responded to the notification from the security researcher with text-book play-for-play actions, controlling and mitigating the situation immediately. A close call, but no actual breach. But it does show that everyone can be vulnerable.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>Why the Google-Backed Secure Open Source Program is So Important<\/em><\/strong><\/p>\n<h2 id=\"who-is-responsible-for-cloud-security\"><span class=\"ez-toc-section\" id=\"Who_Is_Responsible_For_Cloud_Security\"><\/span>Who Is Responsible For Cloud Security?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The responsibility is shared, insofar as you each have responsibilities. But you\u2019re responsible for different parts of the puzzle. A cloud provider is responsible for ensuring that data cannot be accessed without legitimate credentials. It is their duty to ensure your data is not exposed to risk because of a vulnerability. And if that vulnerability is exploited by a cybercriminal, they are responsible for the breach.<\/p>\n<p>However, they are not responsible for vulnerabilities or exploits that occur as a result of poorly chosen or default passwords, misconfigured software\u2014even if it is software they have provided as part of their service to you\u2014nor for failings on the part of your staff. If someone in your organization falls prey to a phishing attack, your cloud provider isn\u2019t responsible.<\/p>\n<p>Some organizations assume that all security for the cloud falls to the cloud provider. That isn\u2019t the case at all. It\u2019s important to understand exactly where the responsibilities lie, and where the cut-off is for each party. This is key to becoming secure. You must understand what they\u2019re providing so that you can see what you need to provide on top of that. 
And knowing where the boundaries of responsibility lie is the only way you can ensure there are no unguarded or neglected areas in the fringes between you and your provider.<\/p>\n<h2 id=\"how-to-defend-your-data\"><span class=\"ez-toc-section\" id=\"How_To_Defend_Your_Data\"><\/span>How To Defend Your Data<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Ask for clarity. Reputable cloud providers will have planned for how to recover from a ransomware attack and other types of outage. They will have documented it and rehearsed it. They may not be able to share the plan\u2014it might give away information that is for internal use only, and could feasibly weaken their security\u2014but you can ask when it was last tested or reviewed. They may be able to share with you the results of the last walk-through of the plan.<\/p>\n<p>Be clear on where their responsibilities stop, and where yours start. Read the small print.<\/p>\n<p>Assume the worst can happen, and plan for it. If your cloud provider has an outage, how will you continue to operate? For example, you might leverage more than one cloud vendor and adopt a multi-cloud strategy. The same thing can be achieved with a hybrid strategy, utilizing on-premise servers. Whatever your plan is, verify it works before you need it.<\/p>\n<p>Always do backups, store them in multiple locations, and do test restores. Update operating systems, software, and network device firmware with security and bug-fix patches. Use a market-leading endpoint security suite, covering antivirus and anti-malware.<\/p>\n<p>Because almost 70% of ransomware attacks are initiated through phishing emails, ensure your staff receives cybersecurity awareness training and that it is periodically topped up. A benign phishing attack gives you a measure of how susceptible your workforce is to this type of social engineering.
There are online services you can use, and security firms that will conduct benign phishing campaigns for you.<\/p>\n<p>A little education can save a lot of heartache. And possibly your business.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>What Are the Three Pillars of Cybersecurity?<\/em><\/strong>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/14472\/what-is-ransomcloud-and-how-do-you-protect-yourself\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#What Is RansomCloud, And How Do You Protect Yourself? \u2013 CloudSavvy IT&#8221; Tada Images\/Shutterstock RansomCloud is ransomware designed to infiltrate and encrypt cloud storage. Responsibility for the security of your data isn\u2019t as straightforward as you might think. We tell you what you need to know.
Ransomware and RansomCloud Ransomware is a type of malware&#8230;<\/p>\n","protected":false},"author":1,"featured_media":354433,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/10\/35070844.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-354432","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/354432","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=354432"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/354432\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/354433"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=354432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=354432"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=354432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}