4 Steps to Protect Cloud-Based Data from Ransomware

More than half of IT and security professionals rated their organization’s ability to protect data on cloud services as relatively low.


With the recent wave of high-profile attacks, ransomware is at the top of everyone’s mind. The most common ransomware scenario involves an employee inadvertently clicking on a link in a phishing email, at which point a malicious file infects the user’s IT system and encrypts the data stored on that system. Unless the victimized business agrees to pay a ransom to the cybercriminals, the encrypted data remains locked down and inaccessible.

A less-discussed scenario involves ransomware attacks on data stored in the cloud. Even though the popularity of cloud computing continues to grow, many businesses still have concerns related to cloud security. In fact, a “Man in Cloud Attack” report from Ponemon Institute noted that over half of IT and security professionals rated their organization’s ability to protect data on cloud services as relatively low.

However, nothing makes the cloud inherently more vulnerable than on-premises data storage, provided you follow some basic security best practices.

Common Types of Cloud Data Storage Services

When you think about the cloud, there are generally two types of services:

  • Personal, end-user services such as Microsoft OneDrive, Dropbox, Google Docs, Box, etc.
  • Enterprise-class object storage services from cloud providers such as AWS, Microsoft Azure, IBM, and Oracle

You’re likely familiar with the personal cloud services for storing or sharing your own files—either for business or personal use. Cloud-based object storage is primarily used for unstructured data sets in use cases such as static content storage and distribution, backup and archiving, and disaster recovery. Although the use cases for each type vary, the security best practices to protect your data are similar.

As you think about ways to prevent a ransomware attack in the cloud, it helps to understand how cybercriminals work. First, ransomware requires an access point: most often a valid login credential or password obtained through phishing or theft, or a back door into an IT system opened when a user runs a malicious file. Second, ransomware often encrypts only the most recent version of stored data.

Once you understand these two elements, it’s much easier to prevent an attack. Here are four steps to help you get started.

Step 1: Define your Cloud Cybersecurity Strategy

Security vulnerabilities often result from not having a solid strategy for protecting data stored in the cloud. Don’t start migrating your data to the cloud before your technical teams are ready. This step involves due diligence with your cloud services provider: Understanding any service level agreements, identifying who’s responsible for what, and deciding how your employees will engage with the provider.

This is especially important if your business handles financial data—such as credit card payments—or is subject to regulations such as PCI, PII, and FERPA. For instance, what if you have data that resides in the U.S. but is hosted in a cloud outside the U.S., or vice versa?

Most cloud providers follow a shared responsibility model for security between the provider and the customer. While providers typically protect the underlying infrastructure, you must handle specific areas such as passwords, multi-factor authentication, and logon restrictions. The bottom line is that you are ultimately responsible for your data regardless of where it resides.

Step 2: Train your People

Aside from all the technical issues, the majority of security concerns stem from people and processes. However unintentional process gaps or human error might be, they can have serious consequences.

The methods of a ransomware attack in the cloud typically focus on account hijacking or stolen credentials. Cybercriminals attempt to discover employees’ cloud logins and passwords to gain access to sensitive data. Once they have access, cybercriminals can steal or encrypt data in order to extract a ransom payment.

This is where security awareness training and easy-to-understand security policies are vital, especially for non-technical employees. You must make any employee working with cloud data aware of the potential threats—and you must give them best practices to follow. It’s very easy to share a link and unintentionally expose huge vaults of data, so your employees need to understand how you expect them to handle access to sensitive data.

Step 3: Utilize Programmatic Detection and Response Tools

You must also be able to identify threats quickly and respond accordingly to prevent, or at least minimize, their potential impact. This is where programmatic detection and response tools are key. You should proactively and continually monitor access to your data stores, and you must be able to distinguish actual threats from the numerous false positives and benign anomalies that pop up.

If you aren’t comfortable handling this type of work—or you don’t have the in-house resources or expertise—you can always outsource cybersecurity management. Services such as extended detection and response (XDR) can give you access to the latest cybersecurity tools and professional expertise without having to make a costly investment.
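The kind of programmatic detection this step describes can be quite simple. The following is an added example, not code from the original article or from PDI Software: it runs a sliding-window rule over constructed CloudTrail-style S3 data events (sample records built inline, account id and user names are placeholders) and raises an alert when one principal overwrites or deletes far more objects than a normal user would in five minutes, plus a separate alert for any event that weakens your ability to recover (versioning suspended, object versions deleted). The window size and threshold are assumed tuning values you would set from your own baseline.

```python
"""Bulk-mutation detector over CloudTrail-style S3 data events (added example).

The event records and the principals in them are constructed for the demo;
they are not real logs.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Assumed tuning values: a person editing files by hand touches far fewer
# objects than this in five minutes; an encrypt-and-overwrite loop touches many.
WINDOW = timedelta(minutes=5)
MAX_MUTATIONS_PER_WINDOW = 20

# Operations that replace or remove the current version of an object.
MUTATING = {"PutObject", "DeleteObject", "DeleteObjects", "CopyObject"}
# Operations that reduce your ability to roll back to an earlier version.
RECOVERY_WEAKENING = {"DeleteObjectVersion", "PutBucketVersioning",
                      "PutBucketLifecycle", "DeleteBucketLifecycle"}


def detect(events):
    """Return a list of alert dicts for the given event records."""
    alerts = []
    recent = defaultdict(deque)   # principal -> timestamps of recent mutations
    already_flagged = set()
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        when = datetime.strptime(ev["eventTime"], TIME_FMT)
        who, name = ev["principal"], ev["eventName"]
        if name in RECOVERY_WEAKENING:
            alerts.append({"type": "recovery_weakened", "principal": who,
                           "event": name, "time": ev["eventTime"]})
        if name in MUTATING:
            window = recent[who]
            window.append(when)
            while window and when - window[0] > WINDOW:
                window.popleft()           # drop timestamps outside the window
            if len(window) > MAX_MUTATIONS_PER_WINDOW and who not in already_flagged:
                already_flagged.add(who)   # one alert per principal per run
                alerts.append({"type": "bulk_mutation", "principal": who,
                               "count": len(window), "time": ev["eventTime"]})
    return alerts


def build_sample_events():
    """Constructed sample: one normal user and one principal running an overwrite burst."""
    alice = "arn:aws:iam::123456789012:user/alice"   # placeholder account id
    bob = "arn:aws:iam::123456789012:user/bob"
    base = datetime(2024, 1, 15, 9, 0, 0)
    events = []
    # Alice: eight operations spread over ~50 minutes, three of them writes.
    for i in range(8):
        events.append({"eventTime": (base + timedelta(minutes=7 * i)).strftime(TIME_FMT),
                       "principal": alice,
                       "eventName": "PutObject" if i % 3 == 0 else "GetObject",
                       "key": f"reports/q{i}.xlsx"})
    # Bob's credentials: forty overwrites in two minutes, then versioning changed.
    start = base + timedelta(minutes=30)
    for i in range(40):
        events.append({"eventTime": (start + timedelta(seconds=3 * i)).strftime(TIME_FMT),
                       "principal": bob, "eventName": "PutObject",
                       "key": f"shared/doc{i}.docx"})
    events.append({"eventTime": (start + timedelta(seconds=130)).strftime(TIME_FMT),
                   "principal": bob, "eventName": "PutBucketVersioning",
                   "key": ""})
    return events


if __name__ == "__main__":
    for alert in detect(build_sample_events()):
        print(alert)
```

In production the events would come from your CloudTrail or storage access logs rather than a constructed list, and the threshold would be derived from each principal's historical rate; the point is that a burst of overwrites from a single identity, and any change to versioning or lifecycle rules, are the signals worth paging on.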

Step 4: Perform Regular Backups

Because ransomware often encrypts only the current version of a file, you can prepare by regularly backing up your data and maintaining as many versions as necessary. If you get locked out of your data due to a ransomware attack, you can always revert to the previous version. Even if you lose access to some data, that’s a lot better than having no data at all.

To avoid data loss, you should always have a solid disaster recovery and business continuity plan regardless of where your data resides. After all, you’re ultimately responsible for maintaining and protecting your data.
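To make the versioning point in Step 4 concrete, here is an added example (not code from the original article or from PDI Software) that models a versioning-enabled object store in a few dozen lines: every write creates a new version, a plain delete only adds a delete marker, and recovery means re-promoting a known-good earlier version. The bucket class, the key name and the placeholder "encrypted" bytes are all constructed for the demo; the semantics mirror how versioned cloud object storage behaves, but this is not a client for any real service.

```python
"""Model of a versioned object store and a recover-from-overwrite walkthrough (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional
import itertools


@dataclass
class ObjectVersion:
    version_id: str
    data: Optional[bytes]      # None represents a delete marker


class VersionedBucket:
    """Constructed stand-in for a versioning-enabled bucket (not a real client)."""

    def __init__(self):
        self._history: Dict[str, List[ObjectVersion]] = {}   # key -> versions, newest last
        self._ids = itertools.count(1)

    def put(self, key: str, data: bytes) -> str:
        vid = f"v{next(self._ids)}"
        self._history.setdefault(key, []).append(ObjectVersion(vid, data))
        return vid

    def delete(self, key: str) -> str:
        # A plain DELETE on a versioned bucket hides the object behind a marker;
        # earlier versions are kept.
        vid = f"v{next(self._ids)}"
        self._history.setdefault(key, []).append(ObjectVersion(vid, None))
        return vid

    def get(self, key: str) -> bytes:
        versions = self._history.get(key)
        if not versions or versions[-1].data is None:
            raise KeyError(key)
        return versions[-1].data

    def list_versions(self, key: str) -> List[str]:
        return [v.version_id for v in self._history.get(key, [])]

    def restore(self, key: str, version_id: str) -> str:
        # Recovery = copy the chosen older version over itself so its bytes
        # become the new current version; the bad version stays in history.
        for v in self._history.get(key, []):
            if v.version_id == version_id and v.data is not None:
                return self.put(key, v.data)
        raise KeyError(f"{key}@{version_id}")


def simulate_overwrite_and_recover():
    """Walk through: clean write, simulated overwrite, recovery from version history."""
    bucket = VersionedBucket()
    key = "finance/ledger.csv"                      # constructed key name
    clean = b"account,balance\n1001,250.00\n"
    good_vid = bucket.put(key, clean)

    # Simulated ransomware: the current version is replaced with unreadable
    # bytes (placeholder, not real ciphertext). Only the newest version changes.
    bucket.put(key, b"\x8f\x1a\x00\xe2 unreadable placeholder")
    overwritten = bucket.get(key) != clean

    # Recovery: promote the last known-good version back to current.
    bucket.restore(key, good_vid)
    return {
        "overwritten": overwritten,
        "recovered": bucket.get(key) == clean,
        "versions": bucket.list_versions(key),
    }


if __name__ == "__main__":
    print(simulate_overwrite_and_recover())
```

The caveat a practitioner would add: version history only helps if the attacker cannot delete it. An identity that is allowed to remove object versions or suspend versioning can destroy the rollback path, so keep that permission off everyday accounts and keep at least one backup copy that the compromised credentials cannot reach.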

How to Protect your Sensitive Data

Regardless of where your data resides, you should follow similar security protocols:

  • Define a holistic cybersecurity strategy with clear processes and best practices
  • Train your employees about cyberthreats and how they can help prevent them
  • Leverage programmatic detection and response tools to minimize risk
  • Perform regular backups with versioning so you always have a backup if your most recent version of data gets encrypted


Tom Callahan is Director of Operations, MDR at PDI Software. He has spent more than 15 years in information technology and security, focusing on areas like cloud services, cybersecurity, infrastructure, and operations—including MDR and XDR services. His background also includes business IT restructuring and retooling to support ongoing changes throughout information technology and security.

Tom joined PDI through its December 2020 acquisition of ControlScan Managed Security Services. He holds a B.S. in Information Technology from Towson University. He’s also a Red Hat Certified Engineer (RHCE), Certified ScrumMaster, and an active member of the Mid-Atlantic CIO Forum. Find Tom on LinkedIn and Twitter.