lolloj - Fotolia
In its latest quarterly report on the cloud, Netskope reported that 43.7% of malware found in the cloud is carrying ransomware and one in 10 of the enterprises monitored by Netskope yielded ransomware-infected files in sanctioned cloud apps.
Although the Netskope Threat Research Labs report covered only cloud apps that were officially approved by the enterprises using them, it discovered an average of 26 pieces of malware in cloud apps across organizations where cloud ransomware was present -- and over half of all infected files were shared publicly.
Sanjay Beri, founder and CEO at Netskope, said in a statement: "With the rise of ransomware, the cloud threat landscape is now increasingly complicated; IT teams need deeper intelligence, protection, and remediation that can help them stop malware and ransomware in their tracks and prevent them from spreading."
Solutions to the cloud ransomware threat have yet to catch up. Netskope's recommendation was to have security teams focus on the cloud malware threats. "With these threats often delivered through phishing and email attacks, security teams should consider training sessions for employees on spotting suspicious emails and not opening attachments from unknown sources or suspicious email addresses. Within a cloud context, files that have been encrypted can easily affect other users when they are in sync folders."
Other suggestions from Netskope included "using a cloud access security broker (CASB) to detect and remediate ransomware that affects files in cloud applications, as well as enabling the versioning function in Box, Dropbox, Microsoft OneDrive, Google Drive, and other file-sharing applications in order to roll encrypted files back to their last known good version and fully recover from ransomware attacks."
Experts agreed that as cloud ransomware becomes more common the risks will continue to grow -- and finding solutions will be challenging.
"Now more than ever, companies need to prepare for a ransomware attack by implementing fully-baked business continuity plans," said Richard Walters, senior vice president of security products at Intermedia, the Mountain View, Calif., business cloud app firm. "These should incorporate off-site, real-time cloud backups to ensure file archives can't be deleted and employees can access clean versions of the files on another device."
"The number of options for enterprises to reduce risk is decreasing," said Vishal Gupta, CEO at Seclore, the Sunnyvale, Calif., enterprise digital rights management firm. "Infrastructure protection strategies focused on protecting the device, the application or the network are moving to the necessary but not sufficient category. The amount of malware infiltrating even 'secure' cloud applications and data being delivered via containers like office files and PDFs is already at 43.7%, and increasing every day. Focusing on securing the information itself as it moves in and out of cloud apps, which is part of a data-centric security model, is the future of security."
"The fact that ransomware attacks are now so pervasive in the cloud only reinforces the need for a multi-dimensional defense strategy, including the use of machine learning and artificial intelligence techniques to pinpoint small changes in behavior that identify malicious carriers such as email, while flagging telltale signs that a user has been infected" said Larry Lunetta, vice president of strategy at Niara, the Sunnyvale, Calif., security analytics firm.
"One of the biggest risks ransomware poses on enterprises isn't the ransom that the executives might have to pay, it's employee downtime," Walters said. "The major damages occur when employee productivity is abruptly halted by ransomware attacks, jeopardizing business operations and sales. Companies can't afford the crippling effects of downtime, as that tends to be pricier than the ransom itself."
Gupta said the risks for enterprises vary. "At the least, a breach is an embarrassment -- at the worst, it means lost intellectual property, compliance violations, lawsuits and loss of reputation. Risk assessment can also be a very subjective exercise since the true risks of information breaches is almost never obvious."
Find out more about how cloud ransomware attacks are targeting cloud providers.