Ransomware: The Hidden Threat in Cloud Storage
According to a release from the U.S. Department of Justice, “Roughly $350 million in ransom was paid to malicious cyber actors in 2020, a more than 300% increase from the previous year”. Because most organizations use Amazon S3 buckets to store uploaded files, the attack surface only grows when an S3 bucket is left misconfigured and storing infected files.
Attackers do not discriminate, although their focus appears to have shifted over the years from individuals to organizations that can make bigger payments and choose to pay to avoid downtime and the expense of rebuilding. Bad actors seem to favor opportunities that let them maximize profits.
AWS Shared Responsibility Model Doesn’t Mean You’re Protected
AWS provides permissions and security configurations for S3 to protect buckets, but the files uploaded to those buckets are still a point of entry through which ransomware can infect your organization. If a user uploads an infected form to your S3 bucket, it creates downstream risk once users within your organization start opening and interacting with the infected file. The file and its contents are ultimately your responsibility, even though it was uploaded by another user.
While it’s not prominent on the AWS site, Amazon maintains a shared responsibility model that makes it clear to users that they are responsible for the configuration and security of any AWS instance, including S3 buckets. AWS operates the infrastructure and ensures security at that level, but securing your bucket and the files within it is your responsibility.
I Already Have Antivirus Software Installed On My Employees’ Workstations
Antivirus software can help prevent ransomware from spreading across a computer and possibly an entire network. However, stopping the infected file from ever reaching your workstations and network in the first place is an even better defense.
What Do I Have to Lose?
As organizations continue to expand their use of object storage, they make little or no preparation for the expanded attack surface that the files within a bucket create. What is at stake:
- Lost revenue: If your infrastructure is a critical part of your business, an outage can mean the loss of hundreds of thousands or even millions of dollars per day.
- Civil or criminal penalties: Handling sensitive files irresponsibly can mean costly penalties that can ultimately bankrupt your business.
- Loss of data: Losing data due to ransomware can be detrimental to your organization.
- Customer trust: When your customers submit sensitive files, they trust that you are handling them securely. A ransomware attack can mean a breach of customer trust.
Who’s Being Targeted?
While ransomware attacks have been carried out against companies of all sizes across all industries throughout the world, The State of Ransomware 2021 (an independent survey commissioned by endpoint and network security provider Sophos) suggests 37% of organizations – over a third of the 5,400 surveyed – were hit by ransomware last year. Organizations within the retail, education, and professional services sectors were hit hardest with ransomware attacks, with the IT, technology and telecom sector and energy, oil/gas, utilities sector close behind.
It’s Not All Bad News
Even while industries are being targeted, there is some good news in the report. While 37% of organizations reporting a ransomware attack is a high number, it is a significant reduction from the previous year’s report, when 51% said they’d been impacted by ransomware. A big part of this can be attributed to organizations implementing more defenses to fight ransomware at the source.
How Can Using Antivirus for Amazon S3 Help In The Fight Against Ransomware?
Implementing Antivirus for Amazon S3 provides your organization with a first line of defense against files infected with ransomware. When a file is uploaded into an S3 bucket, it can be scanned by Antivirus for Amazon S3, which checks it against the latest virus signatures.
If the file is safe, you are able to continue using it. If it’s found to be infected, it is quarantined in a separate bucket for further review, cutting off access to the file from the rest of your team.
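The scan-then-quarantine flow described above, sketched as an added example (not the product's own code). It assumes a SHA-256 match against a constructed signature set in place of a real scanning engine; the `MemoryStore` class, the bucket names and the `handle_upload_event` function are hypothetical stand-ins so the flow runs offline.

```python
import hashlib
from urllib.parse import unquote_plus

# Constructed signature set: SHA-256 of known-bad content, standing in for a real engine.
KNOWN_BAD = {hashlib.sha256(b"constructed-ransomware-sample").hexdigest()}


class MemoryStore:
    """Hypothetical in-memory stand-in for S3: {bucket: {key: bytes}}."""

    def __init__(self, *buckets):
        self.buckets = {name: {} for name in buckets}

    def put(self, bucket, key, body):
        self.buckets[bucket][key] = body

    def get(self, bucket, key):
        return self.buckets[bucket].get(key)

    def move(self, src, key, dst):
        # Copy first, delete second: a failure in between never loses the evidence.
        self.buckets[dst][key] = self.buckets[src][key]
        del self.buckets[src][key]


def handle_upload_event(event, store, quarantine_bucket):
    """Scan each object named in an S3 ObjectCreated event; quarantine infected ones."""
    results = []
    for record in event.get("Records", []):
        if not record.get("eventName", "").startswith("ObjectCreated"):
            continue  # only uploads trigger a scan
        bucket = record["s3"]["bucket"]["name"]
        key = unquote_plus(record["s3"]["object"]["key"])  # event keys arrive URL-encoded
        if bucket == quarantine_bucket:
            continue  # never rescan the quarantine bucket (avoids an event loop)
        body = store.get(bucket, key)
        if body is None:
            results.append((key, "missing"))  # object deleted before the scan ran
        elif hashlib.sha256(body).hexdigest() in KNOWN_BAD:
            store.move(bucket, key, quarantine_bucket)  # cut off access in the upload bucket
            results.append((key, "quarantined"))
        else:
            results.append((key, "clean"))
    return results
```

In a real deployment the quarantine bucket would also need a restrictive bucket policy, since moving the object only helps if ordinary users cannot read the destination.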