Ransomware is a financially motivated crime with the goal of inhibiting business systems and obtaining a ransom payment. Historically, ransoming data residing in traditional on-premises enterprise workloads and government systems has resulted in ample financial gain for assailants using ransomware attacks. With the expanding cloud footprint of modern digital systems, organizations are now trying to determine if ransomware can affect cloud-based workloads to the same degree, and further pondering “will there be evolutionary pressure on attackers which forces them to evolve their tactics?”
Given recent observations of trends in cloud adoption and data migration, my conclusion is this: I do not see how ransomware COULD NOT become a larger problem for global business.
My thesis on this subject can be summarized simply as: Wherever critical data lives, ransomware will go. When business data resides in the Cloud, rather than, say, in an on-premises database, it makes financial sense for attackers to evolve their tactics to target cloud systems with the same objectives as on-prem systems.
This paper outlines paths a malicious actor in the cloud might take to affect the availability of data by using the tools provided by the Cloud Service Provider (CSP). In addition to attacker behaviors, I have outlined proactive steps to secure cloud APIs which provide cryptographic services, architectural patterns to make securing these systems easier, and methods for detecting cloud-native ransomware.