June 27, 2017
SaaS Apps Are Not Immune to Ransomware Attacks
In May, a massive WannaCry ransomware attack infected more than 230,000 computers in 150 countries, demanding ransom payments. This week, another large-scale ransomware attack has already hit various countries, including England, Ukraine, India, the Netherlands, Spain, and Denmark.
Some reports say that the new ransomware is related to the Petya family, but other sources, such as Kaspersky Labs, claim that it might be entirely new. The attack has affected shipping giant, Maersk, as well as the radiation monitoring systems at the site of the Chernobyl disaster. Other industries impacted include power grid companies, banks, media outlets, and cell providers. So far, the exact method or methods of distribution of the ransomware payload are not yet known. However, it is suspected that the ransomware is spreading via the same leaked NSA EternalBlue exploit used by WannaCry.
According to reports, these ransomware attacks target on-premises systems, particularly those running older, unsupported operating systems like Windows XP and Windows Server 2003. However, SaaS applications are not immune to ransomware attacks. In fact, most strains of ransomware target Microsoft productivity apps such as Word and Excel whether they are on-premises or in the cloud. Ransomware can easily spread to Office 365 via ActiveSync and OneDrive Sync or to Google Apps via the Google Drive sync capability. So, creating an independent backup with a SaaS backup tool such as Backupify ensures you will be able to recover data following a security breach.
Ransomware By The Numbers
Over the past few years, ransomware has emerged as a serious threat to organizations of all sizes. In 2016, Datto surveyed 1,100 IT service providers about ransomware and cybersecurity for our State Of The Channel Ransomware Report. Here are a few key findings:
35% of respondents said they have seen ransomware in SaaS apps, including Microsoft Office 365 and Google G Suite.
97% said ransomware attacks on small businesses are becoming more frequent, a trend that will continue over the next two years.
Fewer than 1 in 4 ransomware incidents were reported to the authorities.
93% reported ransomware infection despite having antivirus software in place.
While small-to-midsized businesses aren’t specifically targeted in ransomware campaigns, they may be more likely to suffer an attack. Frequently, small business IT teams are stretched thin and, in some cases, rely on outdated technology due to budgetary constraints. This is the perfect storm for ransomware vulnerability. Thankfully, there are tried and true ways to protect your business against ransomware attacks. Security software is essential, however, you can’t rely on it alone. A proper ransomware protection strategy requires a three-pronged approach, comprising of education, security and backup.
Education: Provide staff with specific examples of suspicious emails with clear instructions on what to do if they encounter a potential ransomware lure (i.e. don’t open attachments, if you see something, say something, etc.).
Security: Antivirus software and firewall technology should be considered essential for any business to protect against ransomware and other security risks. Also, keep all business applications patched and updated in order to minimize vulnerabilities.
Backup: Education and security software are aimed at avoiding ransomware attacks. Backup allows you to recover from attacks that do get past your defenses. However, not all backup is created equally, so look for backup tools that allow you to recover quickly following a security breach.