The Threat of Ransomware and Malware in The Cloud: Prevention, Protection, and Security

Drew Bixby
Read Time: 4 minutes

Systems compromised by malware and ransomware are a common topic of cybersecurity stories in recent years, with high-profile attacks such as WannaCry making headlines after locking down numerous systems run by public organizations including the NHS. The question lingering on the minds of IT professionals worldwide remains, will malware and ransomware become an even bigger problem in the cloud?

Cloud security remains one of the chief concerns for any organization that is either considering or in the midst of transitioning to the cloud. A recent Crowd Research Partners survey revealed that 90% of all cybersecurity professionals surveyed had concerns about cloud security.

Of the threats listed by the 400,000-member Information Security Community on LinkedIn, 67% noted data loss and leakage ranked highest among the top three security concerns ahead of threats to data privacy (61%), and breaches of confidentiality (53%).

A new McAfee survey revealed that one in four users of public cloud services has experienced some form of data theft. This report would support the notion that the cloud, while structurally more secure than a traditional on-premise network built from scratch, remains a place where vigilant security precautions are no less critical.

More concerning is the recent revelation that attack methods such as malware and more specifically ransomware are beginning to utilize the cloud as a point of entry. MIT recently released a report indicating that in 2018, the cloud would be a likely vector of attack. 


Malware and Ransomware

Malware and ransomware are related but not interchangeable terms. Ransomware is a form of malware, but not all malware shares the same method of attack.

Cybersecurity firm Norton defines malware as:

Malware is an abbreviated term meaning “malicious software.” This is software that is specifically designed to gain access or damage a computer without the knowledge of the owner.

With ransomware, a system’s data is encrypted and rendered inaccessible to the system’s user and administrators. The only party with the ability to unlock that data is the one responsible for the ransomware.

Victims are typically lured into running the trojan through phishing techniques such as emails with embedded files, or links to files that claim to be something they are not. Some websites encourage users to download the ransomware on the pretext that it is something else, such as a pirated movie or productivity software.

Because of these common delivery methods, ransomware, and indeed malware as a whole, has largely been associated with personal computers and individual workstations. It makes its way onto local networks because an employee or family member was tricked into downloading it.

However, the cloud is not immune. A recent MIT report indicates that ransomware is likely headed to the cloud in 2018.

Indeed, some variants of ransomware already use the cloud as an injection tool. Petya, a ransomware trojan that made the rounds in 2016, infected its host system and spread by way of Dropbox. It identified itself as a resume, only to self-extract and install itself on any machine that accessed the link.

Users of Microsoft Office 365 were susceptible to a ransomware variant called RANSOM_CERBER.cad, which was delivered through malicious Office documents attached to spam emails. Like other malware and ransomware, it relied heavily on users’ trust to bypass security blocks.
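Both examples above arrive as an attachment that claims to be something benign: a resume that is really a self-extracting executable, or an Office document carrying a macro payload. The following is an added example (not code from the original article or from DoubleHorn) of a mail-gateway style check that flags such attachments by their declared filename. It builds a sample message in memory with Python's standard library, so the sender addresses, filenames and attachment bytes are constructed for illustration, and the extension lists are an assumed starting point rather than a complete blocklist.

```python
"""Flag mail attachments of the kinds described above: executables hiding behind a
double extension (resume.pdf.exe) and macro-enabled Office documents (.docm).

Added example, not from the original article. The message, its addresses and its
attachment contents are constructed inline so the check runs offline.
"""
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that execute code directly when opened (illustrative, not exhaustive).
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar"}
# Office formats that can carry VBA macros.
MACRO_EXT = {".docm", ".xlsm", ".pptm", ".dotm"}
# Harmless-looking extensions often used as the decoy half of a double extension.
DECOY_EXT = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png"}


def classify_filename(name):
    """Return a risk label for an attachment filename, or None if nothing stands out."""
    base, ext = os.path.splitext(name.lower().strip())
    if ext in EXECUTABLE_EXT:
        _, inner = os.path.splitext(base)  # second-to-last extension, e.g. ".pdf" in resume.pdf.exe
        if inner in DECOY_EXT:
            return "double-extension-executable"
        return "executable"
    if ext in MACRO_EXT:
        return "macro-enabled-office"
    return None


def risky_attachments(raw_message):
    """Parse a raw RFC 5322 message and list (filename, risk label) for flagged attachments."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        label = classify_filename(name)
        if label:
            findings.append((name, label))
    return findings


def build_sample_message():
    """Construct a sample 'job application' email with three attachments (constructed data)."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.net"   # constructed sender
    msg["To"] = "hr@example.com"            # constructed recipient
    msg["Subject"] = "Application"
    msg.set_content("Please find my resume attached.")
    # Executable disguised as a PDF resume (first bytes only; not a real program).
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="resume.pdf.exe")
    # Macro-enabled Word document (first bytes of a ZIP container only).
    msg.add_attachment(b"PK\x03\x04", maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="invoice.docm")
    # Ordinary PDF that should not be flagged.
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                       filename="cover_letter.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, label in risky_attachments(build_sample_message()):
        print(f"FLAGGED {filename}: {label}")
```

A filename check of this kind is only a first filter: it catches the lures named in the article, but a real gateway would also inspect the attachment's actual content type and, for Office files, whether a macro stream is present, since the declared name is entirely under the sender's control.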


Common Vulnerabilities and Attack Prevention

With any malware or ransomware attack, prevention is key. Once malicious code has made its way into your cloud account, it can be exceedingly difficult to track down and eliminate it completely.

The cloud primarily acts as a vector of infection, carrying the malware and distributing it to individual systems that are linked to or in other ways connected to the cloud service.

Malware makes its way onto cloud accounts in a number of different ways, the most common being phishing techniques and taking advantage of poorly configured storage servers.

The first line of defense between your protected data and an infectious program could very well be a firewall. Firewalls are virtual defenders for your computer, network, and systems that scan information being uploaded and downloaded from the internet or outside sources. There are a multitude of different types of firewalls, from hygienic scrubbers meant for assessing email threats to endpoint software designed to protect individual machines from malware.

The next generation of firewall technology can help you protect your cloud data from thieves. Virtual Firewalls help provide a permeable barrier between internal networks and cloud infrastructure, allowing users to have access to cloud resources without necessarily putting the entire system at risk. Some of the leading names in Virtual Firewalls are the same ones you might be familiar with from a home firewall: Microsoft, SAP, McAfee, and Cisco Systems.

Employee Education

One important way to prevent infection of your cloud network is to educate your team on the risks associated with clicking on links from unvetted sources and taking a proactive approach to securing network resources.

A growing number of companies practice a bring-your-own-device (BYOD) approach. Employees are often more comfortable using their own mobile devices for email and other light tasks both inside and out of the office.

Contractors typically come in with their own laptops and desktops. This creates a low-cost solution for new businesses growing a team without having to invest in on-premise hardware, but it greatly increases the potential that an outside system will bring in malicious code – often unbeknownst to the system’s owner.

Educating your employees on how to minimize the risks of accidental infection is a big step forward. Be sure to develop comprehensive BYOD policies for internal employees and contractors that protect the security of your data. This is especially true for cloud services, where accessing data remotely is a common practice.

Misconfigured Cloud Resources

A report from security research firm RedLock states that 53% of all businesses that use the cloud have unintentionally exposed at least one part of their cloud services to the public. 81% are not properly managing their cloud resource security.

In recent months, data belonging to organizations such as FedEx, Verizon, the NSA, and even the Pentagon has been discovered on unsecured Amazon S3 buckets. In FedEx’s case, over 100,000 scanned personal documents including driver’s licenses and passports were sitting on a cloud server without even a password keeping them safe.

This doesn’t just put a company’s data at risk, but it creates a prime target for malicious parties to infect the cloud network with ransomware.

In many cases, the buckets are not only accessible to unwanted parties, but they’re also writable, and they contain enough information to grant someone access to other cloud resources, creating an open door by which someone could hijack a company’s infrastructure and plant malicious software in numerous points throughout the network.
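The exposure described in this section is a property of two bucket settings: the bucket ACL, which can grant read or write to the AllUsers and AuthenticatedUsers groups, and the bucket policy, which can grant actions to the wildcard principal. The following is an added example (not code from the original article or from DoubleHorn) that audits both documents offline and reports public read and public write. The ACL and policy documents are constructed to match the shape returned by the S3 GetBucketAcl and GetBucketPolicy APIs; the bucket name, owner ID, account number and role name are placeholders. It goes slightly beyond the article by also showing the corrected configuration next to the exposed one.

```python
"""Audit S3 bucket ACLs and bucket policies for public read/write exposure.

Added example, not from the original article. Runs on constructed documents shaped
like S3 GetBucketAcl / GetBucketPolicy output, so no AWS credentials are needed.
"""
import json

# The two predefined groups whose presence in an ACL grant makes a bucket public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
ACL_READ = {"READ", "FULL_CONTROL"}
ACL_WRITE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Policy actions that amount to reading or writing objects (wildcards included).
POLICY_READ = {"s3:GetObject", "s3:GetObject*", "s3:Get*", "s3:*", "*"}
POLICY_WRITE = {"s3:PutObject", "s3:PutObject*", "s3:Put*", "s3:DeleteObject", "s3:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for Principal "*" or Principal {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def audit_acl(acl):
    """Return the set of exposures ("public-read"/"public-write") granted by ACL grants."""
    findings = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            permission = grant.get("Permission")
            if permission in ACL_READ:
                findings.add("public-read")
            if permission in ACL_WRITE:
                findings.add("public-write")
    return findings


def audit_policy(policy):
    """Return exposures granted by Allow statements to the wildcard principal."""
    findings = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            # Scoped by a condition (e.g. a VPC endpoint); not world-open, but worth review.
            findings.add("public-conditional")
            continue
        actions = set(_as_list(stmt.get("Action", [])))
        if actions & POLICY_READ:
            findings.add("public-read")
        if actions & POLICY_WRITE:
            findings.add("public-write")
    return findings


def audit_bucket(acl, policy_json=None):
    """Combine ACL and policy findings into a sorted list; empty means no public exposure found."""
    findings = audit_acl(acl)
    if policy_json:
        findings |= audit_policy(json.loads(policy_json))
    return sorted(findings)


# --- constructed sample documents (placeholder IDs, bucket and role names) ---
OWNER = {"Type": "CanonicalUser", "ID": "placeholder-owner-canonical-id"}
ALL_USERS = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}

# Exposed: ACL lets the world list/read, and the policy lets anyone upload objects.
EXPOSED_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": ALL_USERS, "Permission": "READ"},
]}
EXPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AnyoneCanUpload", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
]})

# Hardened: owner-only ACL; policy grants access to one application role and
# denies any request that is not over TLS.
HARDENED_ACL = {"Owner": OWNER, "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRoleOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-role"},
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]})

if __name__ == "__main__":
    print("exposed bucket :", audit_bucket(EXPOSED_ACL, EXPOSED_POLICY))
    print("hardened bucket:", audit_bucket(HARDENED_ACL, HARDENED_POLICY))
```

The two sample buckets differ only in these documents, which is the point: the exposure the article describes is not a gap in the provider's platform but a grant the account owner made, and it can be found by reading the configuration rather than by probing the bucket. Enabling S3 Block Public Access at the account level prevents either of the exposed grants from taking effect in the first place.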


Evolving Threat

The idea of the cloud being a host to malware such as ransomware is scary enough, but as artificial intelligence and machine learning become more prevalent, the methods of attack by malicious parties are evolving rapidly.

An MIT study indicated that by the end of 2018 we would start seeing ransomware attack the cloud resources of corporations. It lists smaller cloud providers as a likely weak point in the market, citing the difficulty their smaller security teams face in building a solid security foundation that can hold up to rapidly evolving infiltration techniques at the hands of hackers.

Larger providers like Amazon AWS, Microsoft Azure, and Google Cloud are certainly more robust solutions, but all the security features in the world go to waste if a company’s cloud network is not configured properly.

This is why we here at DoubleHorn take great care in advising our clients throughout their cloud migration. When it comes to the cloud, you can have achieved world-class security that stands a level above what traditional on-premise solutions can provide. It just takes knowing the right solution for your business. Schedule a consultation today.