Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Incident Response, TDR, Threat Management, Threat Management, Malware, Governance, Risk and Compliance, Compliance Management, Government Regulations, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Researchers confirm cases of ransomware encryption jumping devices via cloud apps

The rapidly expanding use of cloud applications is not only spreading malware faster than ever, but also propagating the effects of ransomware encryption from one user to another — even when the malware itself is not actually downloaded by the secondary victim, according to a new report.

The February 2016 Worldwide Cloud Report from cloud access security broker Netskope noted a “handful” of instances in which ransomware encrypted a user device's files as well as copies of those files saved to the sync folder of a popular cloud storage application. Subsequently, secondary users who also automatically synced to that very same folder had their device's files encrypted as well.

In an interview with SCMagazine.com, Netskope Chief Marketing Officer Jamie Barnett confirmed this was the first time her company has detected this encryption phenomenon in the wild. Such scenarios have until now been largely hypothetical, but Barnett is not shocked to see a real-life case. “It was a blinding flash of the obvious for us,” she said.

It was not reported how affected companies handled the cloud-based spread of encrypted files. However, Barnett noted that in its own controlled recreation of the ransomware attack, Netskope determined that once the malware was quarantined and killed, the remediation spread across the cloud as well.

In an analysis of its own client base comprising hundreds of companies (most mid-to-large-size), Netskope determined that between Oct. 1 and Dec. 31, 2015, 4.1 percent of businesses used at least one IT department-approved cloud app that had malware embedded within it.

“While this may not seem like a large number,” the report said, “consider the fact that sanctioned apps represent less than five percent of an enterprise's total cloud app footprint.” In other words, the cloud's “fan-out” effect of spreading malware is exacerbated further by employees' use of cloud-based business apps that IT departments did not officially vet and approve.

Indeed, Netskope's latest research shows that globally, enterprises have on average 917 business-related cloud apps in use, the vast majority of which are unsanctioned. This is the highest number ever observed by the company and reflects a 21 percent jump over the previous quarter. Barnett attributed many of these unsanctioned apps to the proliferation of individual apps designed to streamline and simplify the tasks of corporate departments such as HR, finance and marketing.

The report also addressed efforts on the part of companies that must comply with the European Union's General Data Protection Regulation (GDPR). Netskope warned it would be an “uphill battle” for the companies it researchers, with only about 40 percent of their cloud apps ensuring that users' data will not be shared with third parties.


Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.