top | item 23929542

(no title)

cnbuff410 | 5 years ago

How does ransomware attack work if the company host all of their service in the cloud (aws/gcloud/etc.)? Based on some preliminary readings, it seems like ransomware attack is mostly conducted on a physical machine. If your service data is all stored in the cloud and not synced with any of the machines owned by your employees, are you still subject to this type of attack?

discuss

grl|5 years ago

Ransomware and cloud are very generic terms. Ransomware is a concept of encrypting data to deny service. Cloud really references virtual architecture that is easy to expand and contract, often in a 3rd party cloud provider like Azure or AWS. The "machines" could be windows, linux, docker containers, Lamda functions (AWS), etc. running virtually in "the cloud". So, a ransomware in the cloud just means that someone encrypted data that is stored on cloud architecture. Certainly quite possible, but not as common as encrypting windows machines, which is what usually makes the news.

userbinator|5 years ago

but not as common as encrypting windows machines, which is what usually makes the news.

It could be Windows machines in the cloud.

clairegraham|5 years ago

You could still encrypt all the stored data in the cloud and delete everything that is unencrypted.

Since most of the historical data that customers upload is in the Garmin cloud, not on their local devices (I believe the local device only stores a small period of recent activity), this potentially means a lot of lost data for customers.

I would also imagine things like accounts and their relations to hardware devices (which account is associated with which device) is stored in the cloud somewhere, so those associations alone are important for synchronizing data to the cloud.

This will be a mess to cleanup if true, if they don't have some kind of separate off-site backups outside of this compromise.