Cybercriminals have shifted their focus from traditional on-premises ransomware to cloud-based tactics, targeting organizations’ cloud accounts and exfiltrating data while destroying backups. Microsoft detailed a campaign by threat actor Storm-0501 that gained extensive access to a large enterprise’s cloud environment, exfiltrated sensitive data, and demanded ransom.
Key points
- Ransomware gangs are increasingly targeting cloud environments and data stored there.
- The threat actor Storm-0501 has been active since 2021 and shifted from on-premises to cloud-based attacks.
- They exploit unsecured accounts with weak security settings, such as a lack of multi-factor authentication.
- Once they gain access, they exfiltrate data, delete backups, and create backdoors for persistent access.
- Microsoft warns that such attacks aim to disable remediation efforts and demand ransom for data recovery.
Read More: https://therecord.media/ransomware-gangs-shift-to-stealing-cloud-data