Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

The State of Cloud Ransomware in 2024

Nov. 14, 2024, 6:59 p.m.

Description

Cloud ransomware attacks are evolving, primarily targeting storage services like Amazon S3 and Azure Blob Storage. Attackers exploit misconfigurations or use stolen credentials to access and encrypt data. Cloud service providers have implemented security measures, such as AWS's 7-day key deletion window, to mitigate risks. New techniques using customer-managed keys pose challenges for data recovery. Ransomware groups are also leveraging cloud services for data exfiltration. Web applications hosted in the cloud are vulnerable to extortion attacks, with tools like Pandora targeting PHP servers. Organizations are advised to use Cloud Security Posture Management solutions and enforce strong identity management practices to protect against these emerging threats.

Date

Published: Nov. 14, 2024, 11:57 a.m.

Created: Nov. 14, 2024, 11:57 a.m.

Modified: Nov. 14, 2024, 6:59 p.m.

Attack Patterns

Pandora - S0664

RansomES

Rhysida

LockBit

BianLian

T1059.006

T1530

T1567

T1213

T1486

T1083

T1027

T1190

T1078