Why Ransomware Thrives in the Cloud and How CloudLock Helps Let’s have an honest conversation about ransomware. I’m not going to frighten you in traditional security vendor fashion. Fear-mongering aside, ransomware is…

Why Ransomware Thrives in the Cloud and How CloudLock Helps

Michael Gleason

I spend my days (and nights) explaining how the strengths of the cloud - high availability, scalability, and interoperability - can help us overcome what is often considered its greatest weakness: security.


Let’s have an honest conversation about ransomware. I’m not going to frighten you in traditional security vendor fashion. Fear-mongering aside, ransomware is a real phenomenon. As in, $24 million dollars real, according to the FBI, who heard 2,453 complaints of ransomware last year.

Malware isn’t anything new. Heck, ransomware isn’t anything new. And the cloud certainly isn’t anything new.

But, as cloud adoption continues to accelerate, even among more cautious verticals such as healthcare and financial services, countless cybersecurity operations leaders and vendors are scrambling to shore up their organization against a new (and, as we’ve already established, very real) threat vector.

Why Ransomware is Different in the Cloud

Insecure cloud environments serve as the distribution network for malware. Why? Let’s consider an example.

Cindy receives a file sent to her file sync and share application. It immediately syncs across her desktop and mobile clients. If the file is placed in a shared folder, the file then syncs across all shared users’ clients, too. This is of particular concern for privileged users, as the reach and implications of the malware expand substantially.

Legacy on-premises based security systems (or myopic, network-centric CASB solutions) are incapable of detecting malware in cloud environments, particularly in the instance of cloud-to-cloud communications or cloud access from outside the corporate network.

Corporate Extortion: Just Another Day at the Office?

We all know malware is scary. But, the possibility of critical files being encrypted by ransomware, forcing payment, is terrifying. The FBI advises against paying ransom in response to an attack, recommending a focus on prevention efforts including awareness training and “robust technical prevention controls” as well as developing a business continuity plan.

Realistically, if cybercriminals hold the keys to encrypted sensitive data, there’s not much to be done – particularly in (literal) life and death situations, as seen in the instance of hospitals being targeted with increasing frequency. Does the bitcoin ransom come out of the security budget?

How CloudLock Helps

CloudLock delivers advanced malware detection capabilities in cloud environments through integrations with OPSWAT, VMRay, and Check Point Threat Emulation.

With a 30x increase in connected cloud apps over the past two years combined with the increasing volume of malware and ransomware headlines (i.e., Medstar Health) over recent weeks tells a disturbing story about the evolving nature of this threat vector and the resulting damage to the organization’s productivity, safety, reputation, and bottom line.

CloudLock is uniquely positioned to thwart ransomware attacks on cloud infrastructure through an API-driven, cloud-native approach to cloud cybersecurity. By performing extended analysis across an organization’s disparate cloud environments, the CloudLock Cybersecurity Orchestrator allows customers to identify and remediate instances of malware that would otherwise go unnoticed, with support for Amazon S3, Dropbox, Box, Google Apps, and Office 365.

CloudLock further helps security analysts by enabling proactive, automated cross-platform response actions to mitigate risk and provide deep security intelligence. CloudLock integrates with customer’s established security operations workflows via APIs and out-of-box integrations to drive policy-based threat mitigation and remediation.

In addition to identifying malware through integration, CloudLock can detect anomalous activity within monitored cloud environments indicative of malware infection, such as user login from suspicious location or risky data sharing practices, for additional threat protection beyond initial malware identification.

Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser