What is Cloud Ransomware? Cyber Terms Explained

Featuring: Tal Mozes, CEO & Co-Founder, Mitiga

So, if we start with ransomware and then go to cloud ransomware, in cloud there will be two different types: ransomware and extortionware.

Classic ransomware usually means that someone has encrypted your servers, your systems, endpoints, and most often your backups too. And in order to recover, you will need to retrieve an encryption key from the attacker, and usually it will take some time to decrypt all your data and it will cost you a lot of money, which is usually not covered by the insurance company as well.

With cloud ransomware, we usually are talking about file sharing systems. First, the attacker will encrypt your files locally on your computers, and then it will encrypt all the files on the file sharing systems that you're using. And again, will ask you to pay for the decryption key in order to decrypt your files so you can keep on working. It also might influence your backups, depending on how those are defined, because if you have an incremental backup, you might already have backed it up encrypted, so you might not be able to recreate it.

With extortionware, it's not about going back to business as usual and using your files. It's more about data that has been leaked and the attackers are extorting the organization to pay them a certain amount of money, usually in bitcoin or a different cryptocurrency, in order to not publish the files that they have captured or were leaked and compromised. Those files usually will contain PII, private data on your customers, or anything else which could be sensitive to you.

It's very important to realize which data was leaked and when, if it's still valid and important for the organization, because it could be very old data that we don't care about, or we care less about than newly generated data. It's also very important to understand the amounts of data that have been compromised. Sometimes it's a very small amount and the attacker is saying that this is just a sample of the data that has been leaked, even though it's the entire data they managed to capture.

Having the right logs and having the right controls to be able to understand quickly which data was leaked, where from, and when, is key to having a better negotiation. Getting those answers in minutes or hours will give you the upper hand after you have been breached. And also, it will help you to understand if you need to do breach notification, if you need to worry about your customers, third parties, comply with different regulations and so on.
