Can Ransomware Devastate your Data in the Cloud?

June 24, 2014 | Heroix Staff

Security concerns have always been an issue in Cloud adoption. Any time your servers and data are not physically under your control, you have to ask questions about how access to those servers is handled, and how the data on those servers is secured.

Data breach problems exist for applications that aren’t hosted in the Cloud as well, and Cloud based applications didn’t seem to have any significant vulnerabilities beyond those of other web based applications.

At least, that was until last week. On June 17th, Cloud based service provider Code Spaces had an intruder gain access to their Amazon control panel. On the Code Spaces home page, they provided the details of the attack, and outlined the repercussions for their company. Basically, an intruder gained access to Code Spaces’ Amazon EC2 control panel and demanded ransom in order to leave the site. When Code Spaces tried to lock the intruder out, the intruder began deleting customer data. By the time Code Spaces had removed the intruder, most of their data and backups had been partially or completely deleted.

It took only 12 hours from the time the DDoS attack began to the time it ended with Code Spaces regaining control. Given that DDoS attacks are not uncommon, it was certainly less than 12 hours before they realized they had an intruder and formulated a plan to deal with the intruder. Since this is a fairly new security scenario, it is unlikely that the company’s backup plans (retrieved from the Internet Archive) included dealing with intentional malicious deletions, and the company also trusted that redundant Cloud based backups would be sufficient.

Code Spaces provided SVN and Git hosting, and Project Management to its customers, and stated that their priority was to get as much data back as possible. They went on to state:

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility.

“As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”

In the company’s Twitter feed, they say that they will publish a “full detailed report” soon. Until then, this incident brings up a lot of questions for Cloud users. How exactly did the intruder gain access to the control panel? Was there a security hole on Amazon’s part, or a user error on Code Spaces’ part? If someone does gain unauthorized access to your Cloud control panel, how can you lock them out before they cause any damage? Is there a safe way to keep all of your backups in the Cloud, or is an offsite backup still a necessity?

In the midst of the marketing hype surrounding Cloud based computing, Code Spaces will serve as an example of a worst case scenario. Hopefully Cloud users will pay enough attention to the details of how Code Spaces was hacked to avoid similar problems, and look more closely at whether the Cloud is sufficient for their needs.