Most of us are aware of various cyber fraud threats including the increasing proliferation of ransomware software. The U. S. Department of Justice estimates there are 4000 successful ransomware attacks every day. I am sure most readers are using anti-virus and anti-malware software that includes some ransomware protection for their systems. What surprises me is the increasing amount of information that businesses, not-for-profits, and even individuals store on the cloud without considering the risks to their data. Many cloud users are not aware that ransomware can infect files stored on a cloud server.
Ransomware is getting easier to obtain and use. EMSISOFT published an article giving step by step instructions on how criminals can organize a ransomware start-up company. Ransom32 is a user friendly ransomware program. Simply use your TOR network to login and provide a BitCoin address for the ransom funds to be deposited into. You can even customize the ransomware to determine how many BitCoins to charge, how long of a latent timeout is provided, etc. The control panel allows you to track how many systems you have infected, how many screens are currently locked, how many victims have paid, and the total BitCoins you have received from the victims.
Some ransomware specifically targets cloud based systems. For example, RANSOM_CERBER.CAD specifically targets files in Microsoft 365 and “cuteRansomware” targets Google Apps. There are also ransomware programs that can be shared through DropBox, Google Drive, OneDrive, and other file sharing services. Virlock ransomware is a common malware program that can spread on cloud services. One estimate indicated that 10% of cloud users currently have malware on their cloud based files.
In many cases the cybersecurity for cloud based applications is better than the cybersecurity for most individuals and small businesses but you need to protect yourself. Make sure you ask for a Service Organization Controls Report (SOC 3) from your provider to validate that their internal controls have been audited. Also, keep a local, offline backup of your data so that if you do become a victim of ransomware you still have most of your data, depending on how long it’s been since your last backup.