Many people who use cloud computing, whether for storage or for actual computing, believe that they are immune to viruses. However, that is not the case. A story on KrebsOnSecurity.com reported that a company had all of its files on a cloud server infected by ransomware.
The problem started when an employee opened an email in Outlook that looked like an invoice. The attachment, however, was malware, which then went on to infect the company’s file system. The malware looked for files with extensions such as *.doc, *.xls, *.pdf and *.txt and changed their extension to *.vvv. It also dropped a help.decrypt file in every single folder with specific instructions on how to pay the ransom.
Luckily, the cloud provider did keep backups of the virtual machine that was affected. Unfortunately, files belonging to another company were also encrypted.
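The two indicators described above (the *.vvv extension and a help.decrypt file per folder) are enough to scope which folders on a share need to be restored from backup. The following is an added example, not code from the original story; the function names are hypothetical, the sample tree is constructed, and matching the note name as a prefix is an assumption.

```python
import os
import tempfile

# Indicators taken from the incident description above.
ENCRYPTED_EXT = ".vvv"
RANSOM_NOTE = "help.decrypt"   # matched as a prefix (assumption: note may carry a suffix)
TARGETED_EXTS = {".doc", ".xls", ".pdf", ".txt"}


def scope_damage(root):
    """Return {relative_folder: stats} for every folder showing an indicator."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        stats = {"note": False, "encrypted": [], "intact": []}
        for name in sorted(files):
            lower = name.lower()
            if lower.startswith(RANSOM_NOTE):
                stats["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                stats["encrypted"].append(name)
            elif os.path.splitext(lower)[1] in TARGETED_EXTS:
                # Targeted type that was not renamed: copy it aside before
                # the folder is overwritten from backup.
                stats["intact"].append(name)
        if stats["note"] or stats["encrypted"]:
            report[os.path.relpath(folder, root)] = stats
    return report


def build_sample_tree(root):
    """Constructed sample share: one hit folder, one partly hit, one clean."""
    layout = {
        "finance": ["q3.vvv", "invoice.vvv", "help.decrypt"],
        "hr": ["roster.vvv", "policy.pdf", "help.decrypt"],
        "archive": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "w") as fh:
                fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_tree(share)
        for folder, s in sorted(scope_damage(share).items()):
            print(f"{folder}: note={s['note']} encrypted={len(s['encrypted'])} "
                  f"intact={s['intact']}")
```

Run it against a read-only mount or snapshot of the affected share so the scan itself cannot alter evidence or files.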
The malware was a strain of TeslaCrypt, which is not the most dangerous ransomware. A defect in its code has sometimes allowed security researchers and analysts to decrypt files without paying a ransom. There is even a program called TeslaDecoder, created by forum users at Bleeping Computer, that can be used to decrypt files.
Some ransomware strains have indeed been “cracked”, and there are tools online which you can use to get your data back without paying. Before you start sending bitcoins to the cybercriminals, check whether such a tool exists for the strain that hit you.
The very best defense against ransomware is to have daily, working backups that are not accessible from a user workstation.
Also be sure to train your employees to be very vigilant and suspicious when receiving emails with attachments.