Cloud Provider Ransomware Breach | 2Secure Corp

Cloud Provider Ransomware Breach Case Study

Now that cloud computing has become an integral part of modern business operations, the threat of ransomware attacks looms large.

This episode of The Cybersecurity Insider podcast, hosted by Yigal Behar, tackles an alarming case study about the vulnerabilities that even cloud-based systems face. 

Unsettling Discoveries In A Client’s Cloud Infrastructure

Yigal recounts a security risk assessment he conducted for a client where several alarming issues surfaced. One of the most concerning discoveries was that the client’s virtual machines were stored on an Australian cloud provider’s environment. 

He explains that these cloud providers can be any service that offers users access to their platforms—from email and database services to file sharing and beyond. He points out that most people use at least one of these services in their daily lives.

Shared Environment Nightmare & Ransomware Attack

The plot thickens as Yigal probes into the security risk assessment. He reveals another alarming finding—the client’s virtual machines were situated in a shared environment. This meant that everyone on that network could see each other’s data. It was a concerning vulnerability that left the client exposed.

Yigal then shifts the narrative to the cloud provider itself, Managed.com, which was hit by the REvil ransomware. He shares an email his client received from them on November 16th, detailing a coordinated ransomware attack on their environment.

To protect customer data, Managed.com took immediate action. They took the affected sites offline and shut down their entire system as a precaution. Their technology and security teams worked diligently to eliminate the threat and restore services. The email assured customers that their data’s safety and security were the top priority and that they were cooperating with law enforcement agencies to identify the attackers.

The email was received very recently, showing that the problem is new and needs immediate attention.

The Cloud Is Not Invincible

Yigal uses this case study to drive home an important point: just because your data and services are on the cloud doesn’t mean they’re completely safe. He recognizes that cloud storage can be a great solution, but it’s necessary to layer on additional security measures.

He advises listeners to double-check all the security controls offered by their cloud provider. He then offers a specific example: enable two-factor authentication (2FA) but use an app on your phone instead of relying on SMS messages, which can be less secure.

Backups & Shared Responsibility

Yigal then turns to the importance of backups. He shares an account about a client who received a warning during a risk assessment: If one of your customers is compromised, you’re likely next. The attackers will gain a foothold in your environment and likely access your data.

He speculates that this is precisely what might have happened in the Managed.com case, although the exact details remain unclear. 

Yigal outlines a couple of possibilities: the breach could have originated from a successful phishing attack, where an employee inadvertently clicked a malicious link or opened an infected attachment. Alternatively, a seemingly harmless file like an Excel sheet could have contained a hidden downloader that unleashed the ransomware payload.

Regardless of the method, the result is the same: the entire environment is crippled, and drastic measures are needed to mitigate the damage.

Yigal ends the session with a clear message: If you rely on cloud services, the responsibility for securing your data ultimately rests with you, not the cloud provider. Never assume they’ll handle everything. Regular backups are important.

If you enjoyed this session, consider subscribing to The Cybersecurity Insider podcast, readily available on popular platforms such as YouTube, Apple Podcasts, and Spotify.
