When we look at ransomware incidents, it's usually in the context of on-premise systems and individual devices. But the cloud should not be overlooked when dealing with ransomware threats. Dave Cartwright, CISSP, explains.

First of all, let’s answer the obvious question: what is a “ransomcloud”? Well, according to the best definition we’ve found so far, it’s about “attacks that target or take advantage of weaknesses or legitimate functionality in cloud resources to deploy malware, encrypt data, and extort money from businesses”.

Now, let’s be honest – just because we have a new word, this doesn’t mean it’s a new concept. As with any system, the moment it’s released is the moment that bad actors begin looking for vulnerabilities in it. And it has become commonplace to see report after report of data breaches of cloud-based storage areas – Amazon EC2, for example, or Microsoft Azure BLOBs. And don’t think for a moment that Amazon or Microsoft is rubbish at security – these breaches are usually down to users configuring things improperly, and/or not considering security as they should.

Why, though, are we calling out ransomcloud threats in particular? Aren’t they just like any other threat we face? In a word: no. True, the threats that face our on-premise systems are pretty much reflected in our cloud installations – but what is most significant is the not-so-small matter that cloud services are by their nature connected to, and thus attackable from, the internet.

It's actually slightly worse than that, though. Imagine you have a super-sensitive system in your building that you want to defend absolutely against a cyber attack. You can configure it to accept connections from certain systems, or you can put it behind a firewall. But you can also unplug it from the network completely. True, that’s a fairly extreme approach, but it’s a perfectly feasible and valid one if you consider that the risk of network-based attack outweighs the value of having it electronically connected. In the cloud, you simply don’t have that option: even if you don’t connect a virtual machine to the production data network, it still exists and is manageable (and hence breakable) via the cloud service’s management console.

So, what can we do about ransomcloud threats? Five simple steps will get you a long way toward defending yourself effectively.

First, and most commonly forgotten, is that we need to treat the cloud like a proper IT system. Why is it that so many organizations that adopt cloud services completely forget that there are such things as design, security review, testing and change control? According to one report, 55% of cloud data breaches are down to human error – which is something we can address to a large extent by ensuring due process is in place and is followed, with proper checks at each stage to maximize our opportunity to keep the cloud secure.

Next, we need to get the skills we need to secure our cloud installations. IT specialists – particularly network specialists – who are highly skilled with on-premise systems have a steep learning curve to scramble up when it comes to cloud systems. Even when you have a highly virtualized on-premise IT infrastructure you will still have physical network switches, and most likely some routers and firewalls (particularly at the “edge” between the LAN and the internet) that are well understood by the network types. In a cloud world everything is virtual, and the concept of a physical “perimeter” is simply non-existent, which brings the need for a major mind-shift on the part of the infrastructure team.

Third, think like a hacker. Just as a potential attacker can scan your cloud systems for potential vulnerabilities, there’s nothing preventing you from doing so too. If you do have security holes then it’s far, far better for you to go looking for them and find them before the bad actors do – and there are plenty of products out there to help you do so.

On top of this, implement as much monitoring and alerting as you can manage and afford. In an on-prem setup it’s normal to have extensive monitoring, but in a cloud world, whose always-internet-connected nature escalates the risk somewhat, you need to ramp up the monitoring accordingly.

Finally, but by no means least, you need rigorous controls. And the most important of these is change control. Proper change management is absolutely key to any organization – in general operation, not just in IT. Experience shows that when an organization introduces a robust change management process, errors and breaches reduce significantly. And although some IT professionals take offence at the idea of someone “checking their work”, the simple message is: grow up, that’s not what it’s about. Nobody is perfect, and what would you rather: one of your technical peers spots an error in your proposed firewall rules, or your organization suffers a 10-million-line data breach because you unwittingly exposed the cloud storage?
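As an added example (not code from the article), here is the kind of pre-change review check that the design-review and change-control steps above are meant to enforce: it flags an S3 bucket policy statement granted to anyone, and a security-group rule that exposes a management port to the whole internet. The inputs are constructed dicts in the shape AWS returns them, so it runs offline; the management-port list and the decision to treat any Condition block as narrowing a grant are assumptions.

```python
from ipaddress import ip_network

# Management ports a reviewer would not expect open to the internet (assumption).
MANAGEMENT_PORTS = {22, 3389, 5985, 5986}   # SSH, RDP, WinRM

def _is_public_principal(principal):
    # AWS reads "*" or {"AWS": "*"} as "any caller, including anonymous".
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False

def public_bucket_statements(policy):
    """Sid (or index) of each Allow statement granted to anyone. A Condition
    block is taken as narrowing the grant, so conditioned statements are skipped."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if (st.get("Effect") == "Allow" and not st.get("Condition")
                and _is_public_principal(st.get("Principal"))):
            findings.append(st.get("Sid", f"statement[{i}]"))
    return findings

def open_management_rules(ingress):
    """(port range, cidr) for each rule exposing a management port to the world."""
    findings = []
    for rule in ingress:
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        if rule.get("IpProtocol") == "-1":       # "-1" means every protocol and port
            lo, hi = 0, 65535
        if not any(lo <= p <= hi for p in MANAGEMENT_PORTS):
            continue
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ip_network(cidr).prefixlen == 0:  # 0.0.0.0/0 or ::/0
                findings.append(((lo, hi), cidr))
    return findings

# Constructed sample inputs in the shape AWS returns them (not real resources).
SAMPLE_POLICY = {"Statement": [
    {"Sid": "AppRead", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"}, "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PublicRead", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": "*", "Resource": "arn:aws:s3:::example-bucket/*"}]}
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]
```

Running `public_bucket_statements(SAMPLE_POLICY)` reports only `PublicRead`, and `open_management_rules(SAMPLE_INGRESS)` reports the SSH rule open to `::/0` while the HTTPS rule and the RFC 1918-scoped SSH range pass.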

So yes, ransomcloud threats are a thing. But even if this article has introduced you to a new word, it hasn’t introduced you to a new concept. AWS, for example, has been with us since 2002 – maybe they could have a new strapline: “21 years of customers unwittingly leaking data”. (Incidentally, Microsoft could do the same for Azure, except it would be “15 years of customers …”).

But with common sense, sensible controls and the right tools, it really isn’t all that much harder to defend your cloud world than it is to defend your on-premise installations.