Ransoming the Cloud
On the ransomware resources page, I recommended:
Back up your data to an external device. And to cloud services as well, if you like. Bear in mind, though, that if your data is backed up somewhere that’s ‘always on’ while you’re using your computer, there’s a risk that ransomware (or other malicious software) might be able to encrypt, delete or corrupt your backed-up data too. For the same reason, don’t try to reinstall backed-up files from an off-line resource (at any rate, a write-enabled offline resource) until you’re sure the malware is no longer present and active on your system.
In “Ransomware a Threat to Cloud Services, Too”, Brian Krebs describes an incident in which one of Children in Film’s employees opened an attachment passed off as an invoice: within 30 minutes, over 4,000 files on a cloud server, mounted as a local drive, had been encrypted by TeslaCrypt. Fortunately, according to Krebs, the cloud hosting company kept daily backups and the company was able to use BleepingComputer’s TeslaDecoder to decrypt the files without paying the extortionists, but the inconvenience was still significant.
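The exposure described above, backup or cloud storage that stays mounted and writable while the machine is in use, can be checked from the mount table. The following is an added example, not part of the original post; it assumes a Linux host, the /proc/mounts line format, backup targets that live on dedicated volumes, and constructed sample paths.

```python
# Constructed sample in /proc/mounts format (assumption: Linux host), not from a real system.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
//nas.example/backup /mnt/nas-backup cifs rw,relatime,vers=3.0 0 0
remote:bucket /mnt/cloud fuse.rclone rw,nosuid,nodev 0 0
/dev/sdb1 /mnt/archive ext4 ro,relatime 0 0
"""

def parse_mounts(text):
    """Return (mount_point, fstype, options) for each /proc/mounts-style line."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        mount_point = fields[1].replace("\\040", " ")  # spaces are escaped as \040
        mounts.append((mount_point, fields[2], set(fields[3].split(","))))
    return mounts

def covering_mount(path, mounts):
    """Return the most specific mount whose mount point contains path."""
    hits = [m for m in mounts
            if path == m[0] or path.startswith(m[0].rstrip("/") + "/")]
    return max(hits, key=lambda m: len(m[0]), default=None)

def audit_backup_targets(targets, mounts_text):
    """Map each backup path to 'detached', 'read-only' or 'exposed'."""
    mounts = parse_mounts(mounts_text)
    report = {}
    for target in targets:
        mount = covering_mount(target, mounts)
        if mount is None or mount[0] == "/":
            # Only the root filesystem covers it: the backup volume is not attached.
            report[target] = "detached"
        elif "ro" in mount[2]:
            report[target] = "read-only"
        else:
            # Mounted writable: anything running as the user can modify it.
            report[target] = "exposed"
    return report

if __name__ == "__main__":
    paths = ["/mnt/nas-backup/daily", "/mnt/cloud", "/mnt/archive/2016", "/mnt/usb-backup"]
    for path, status in audit_backup_targets(paths, SAMPLE_MOUNTS).items():
        print(f"{status:10} {path}")
```

On a live system, pass the contents of /proc/mounts instead of the sample; a target reported as "exposed" between backup runs is one that file-encrypting malware running as the user could reach.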
Cloud Security Alliance Survey
The Register reports that a CSA poll found that:
- Some respondents would pay very large sums to extortionists to avoid data dumps
- Gambling sites continue to be targeted with threats of DDoS attacks, often coinciding with major sporting events
- “… even police and law enforcement agencies [are] recommending organisations hit by the most water-tight ransomware encryption attacks to pay up to get their decryption keys.”
And here are a couple of items about the DD4BC (DDoS for Bitcoin) gang:
- ESET reports on Operation Pleiades, in which several countries cooperated with Europol against the threat.
- A related story from the BBC.
All items added to the ransomware resources page.