Ransomware and Cloud Backups

  • Published: Wednesday, March 11, 2020

Ransomware is an increasingly popular means for cyber criminals to extort money from users and organizations.  As a result, emphasis is being placed on mitigations for this attack, specifically, offsite backups.  Since the cloud couldn’t be any more offsite, all backups stored in the cloud are protected, right?  The answer is, not necessarily.

A couple of years ago, Brian Krebs posted an article detailing a firm that ran all of its operations off of a cloud solution. Things were going great until one person opened an e-mail attachment they shouldn’t have. Within thirty minutes, every single file the firm had placed on the cloud provider’s storage was encrypted. Not only that, other clients of the cloud solution that had files stored on the same server found that their files had been encrypted as well. Despite the cloud solution having up-to-date backups, it still took them about a week to fully restore everything.

So how did this situation turn bad so quickly? Most cloud storage relies on syncing to make sure it has the most up-to-date backup of what is being worked on. On some cloud backups, the file is completely replaced every time it is updated. If the newest version of this file is encrypted by a malicious program, the cloud storage is going to do what it always does and overwrite the old version with the new. Fortunately, most cloud backups now have a feature called versioning, where the old copies of the file are saved alongside the new changes made to the file. If ransomware hits a file, no problem: clean your system and revert to an older version.
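The difference between overwrite-on-sync and versioning can be seen in a small model. This is an added example, not part of the original article; the `SyncStore` class, file names and timeline are constructed for illustration and do not represent any provider's API.

```python
from dataclasses import dataclass, field


@dataclass
class SyncStore:
    """Toy model of a sync-backed cloud store (constructed for illustration)."""
    versioning: bool
    # path -> list of (timestamp, content), oldest first
    files: dict = field(default_factory=dict)

    def sync(self, path, content, ts):
        history = self.files.setdefault(path, [])
        if not self.versioning:
            history.clear()  # plain sync: the newest upload replaces the old copy
        history.append((ts, content))

    def restore_before(self, cutoff):
        """Return ({path: content}, [unrecoverable paths]) as of just before cutoff."""
        restored, lost = {}, []
        for path, history in sorted(self.files.items()):
            clean = [content for ts, content in history if ts < cutoff]
            if clean:
                restored[path] = clean[-1]  # latest version older than the incident
            else:
                lost.append(path)  # no pre-incident copy was retained
        return restored, lost


def simulate(versioning):
    store = SyncStore(versioning=versioning)
    # Constructed timeline: normal edits at t=1..2, encrypted copies synced at t=10
    store.sync("ledger.xlsx", b"Q1 totals", 1)
    store.sync("ledger.xlsx", b"Q1 totals, revised", 2)
    store.sync("clients.docx", b"client list", 1)
    for path in ("ledger.xlsx", "clients.docx"):
        store.sync(path, b"\x8f\x02\xa1 encrypted", 10)
    return store.restore_before(cutoff=10)


if __name__ == "__main__":
    for mode in (False, True):
        restored, lost = simulate(mode)
        print(f"versioning={mode}: restored={restored} lost={lost}")
```

Without versioning, the restore finds nothing older than the incident; with versioning, each file comes back at its last pre-incident revision.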

There is a temptation with third-party solutions to assume all risk has been handed off to those third parties. The truth of the matter is that every cloud storage vendor details some form of “shared responsibility,” which means that, in order to have the best protection, it is your responsibility to configure the service according to best practices.

There is some good news on this front. Third-party vendors WANT your data to be as secure as possible; that’s just good business for them. So guides on best configuration practices are available. Links to configuration guides for the most prominent cloud providers are below.

Remember, at the end of the day, it is your responsibility to make sure your data has the protection it needs!


AWS: https://docs.aws.amazon.com/aws-backup/latest/devguide/getting-started.html

Azure: https://docs.microsoft.com/en-us/azure/backup/

Google Drive: https://support.google.com/drive/answer/2374987?

Google Drive Versioning: https://support.google.com/drive/answer/2409045?co=GENIE.Platform%3DDesktop&hl=en

OneDrive: https://support.office.com/en-us/article/sync-files-with-onedrive-in-windows-615391c4-2bd3-4aae-a42a-858262e42a49