The State of Cloud Ransomware in 2024
Nov. 14, 2024, 6:59 p.m.
Description
Cloud ransomware attacks are evolving, primarily targeting storage services like Amazon S3 and Azure Blob Storage. Attackers exploit misconfigurations or use stolen credentials to access and encrypt data. Cloud service providers have implemented security measures, such as AWS's 7-day key deletion window, to mitigate risks. New techniques using customer-managed keys pose challenges for data recovery. Ransomware groups are also leveraging cloud services for data exfiltration. Web applications hosted in the cloud are vulnerable to extortion attacks, with tools like Pandora targeting PHP servers. Organizations are advised to use Cloud Security Posture Management solutions and enforce strong identity management practices to protect against these emerging threats.
Date
- Created: Nov. 14, 2024, 11:57 a.m.
- Published: Nov. 14, 2024, 11:57 a.m.
- Modified: Nov. 14, 2024, 6:59 p.m.
Attack Patterns
- Pandora - S0664
- RansomES
- Rhysida
- LockBit
- BianLian
- T1059.006
- T1530
- T1567
- T1213
- T1486
- T1083
- T1027
- T1190
- T1078