Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Cloud Providers Publish Ransomware Mitigation Strategies

Cloud Providers Publish Ransomware Mitigation Strategies

This item in japanese

In the last few weeks AWS, Azure and Google Cloud have posted articles and documentation with suggestions on ransomware mitigation techniques on the cloud, highlighting the main protections and recovery preparation actions.

In ransomware events, files are encrypted and money is demanded, usually in cryptocurrencies, in exchange for the decryption key and for not releasing sensitive data. With an increased number of attacks reported in the news, the main cloud providers have released checklists and documentation to prevent and recover from ransomware while deploying on public cloud.

The preemptive actions suggested by AWS in the guide Ransomware mitigation: Top 5 protections and recovery preparation actions are data encryption, setting up the ability to recover apps and data, applying critical patches to the servers, following a defined security standard and having monitoring and automating responses in place. Brad Dispensa, principal security specialist solutions architect at AWS, explains how to use CloudEndure Disaster Recovery as a mitigation strategy:

One of the features of CloudEndure Disaster Recovery is point-in-time recovery, which is important in the event of a ransomware, because you can use this feature to recover your environment to a previous consistent point in time of your choosing.


Azure focuses on what to do before and during an attack to protect sensitive data and ensure a rapid recovery of business operations. In the Backup and restore plan to protect against ransomware article, Terry Lanfear, principal content developer for Microsoft's Azure Security, warns on long term impacts of ransomware:

The real damage is often done when the attack exfiltrates files while leaving backdoors in the network for future malicious activity—and these risks persist whether or not the ransom is paid. (...) Unlike early forms of ransomware that only required malware remediation, human-operated ransomware can continue to threaten your business operations after the initial encounter.

Last month Microsoft partnered with the startup Rubrik to help customers hit by ransomware and published a Rapidly protect against ransomware and extortion guide where Joe Davies, senior technical writer at Microsoft, suggests:

Technical hallmarks of these human-operated ransomware attacks typically include credential theft and lateral movement and can result in deployment of ransomware payloads to many high-value resources in order to encourage payment of the ransom (...) The attacks also have sophisticated business models, with attackers setting their ransom prices based on internal financial documentation from the company, cyber-insurance coverage levels, and typical regulatory compliance fines the company would have to pay.

Google Cloud published the article Best practices to protect your organization against ransomware threats where five pillars are defined: identify cybersecurity risks, create safeguards, detect potential cybersecurity events, activate an incident response program and build a recovery strategy for core systems and assets. Phil Venables, chief information security officer at Google Cloud, and Sunil Potti, VP for Google Cloud Security, stress how ransomware attacks continue to evolve:

Ransomware groups have evolved their tactics to include stealing data prior to it being encrypted, with the threat of extorting this data through leaks. Additionally, some ransomware operators have used the threat of distributed-denial-of-service (DDoS) attacks against victim organizations as an attempt to further compel them to pay ransoms. DDoS attacks can also serve as a distraction.

The National Institute of Standards and Technology recently released the NIST SP1800-25 publication about the prevention of ransomware.

Rate this Article