The subject matter discussed in this section should not be assumed to be prior art merely as a result of its mention in this section. Similarly, any problems or shortcomings mentioned in this section or associated with the subject matter provided as background should not be assumed to have been previously recognized in the prior art. The subject matter in this section merely represents different approaches, which in and of themselves can also correspond to implementations of the claimed technology.
Sharing content from the cloud has never been easier. The challenge is that without visibility and control over what is being shared and with whom, there is an increased risk that content stored on the cloud can become the subject of malicious activity, such as malware.
The use of cloud services for a number of corporate functions is now common. Thus, instead of installing servers within a corporate network to store corporate data or run a customer relationship management (CRM) software product, customized or off-the-shelf cloud storage solutions and software as a service (SaaS) solutions such as Salesforce.com's offerings can be used. The information technology (IT) and network architecture approaches that could log and protect access to classic non-cloud-based solutions provide limited control. The sprawl of “bring your own devices” (BYODs) and the need to haul that traffic back to the enterprise make these approaches less attractive. For example, virtual private network (VPN) solutions are used to control access to the protected corporate network. Proxies (both transparent and explicit) may be used to filter or limit access to undesirable web sites when the client is accessing the web sites from within the corporate network. Similar filtering software can be installed on client computers, e.g., safe browsing software, to enforce limits on access so as to reduce the likelihood of malware infecting cloud-based storage. A viable solution should provide consistent, centrally administered control, e.g., enforce the same security measures across multiple devices, network services, and networks, including corporate networks.
Data is often the lifeblood of any business, and it is critical that it is effectively managed, protected, and meets compliance needs. Protecting data in the past was focused primarily on on-premise scenarios, but with the increased adoption of cloud services, companies of all sizes are now relying on the cloud to create, edit, and store data. This presents new challenges. Despite its benefits, the cloud also makes it easy for people to lose sensitive corporate data as the result of malicious activity, such as malware. For one thing, people can access cloud services from multiple devices more easily. For another, cloud services make it easy to share data, including with people outside of an organization. For these reasons, it is easy for data to get out of an organization's control.
As the number of cloud-based services increases exponentially, there is an exponential increase in the possibility of a data attack by malware, and more specifically, by ransomware. Ransomware is computer malware that installs on a user's local endpoint and then executes an attack on that endpoint by encrypting the user's files and demanding a ransom for the files to be decrypted. Ransomware propagates via electronic media and networks. Examples of media that can carry a ransomware infection are email, exploit kits, removable drives, and external network shares. Ransomware often encrypts files to ensure that the victim pays the ransom to get the decryption keys.
Users can unknowingly spread ransomware through the sync and share mechanisms provided by the cloud-based services. Passive spread of ransomware and other infections among users that rely on file sync, share, and collaboration presents an increasing risk.
Virlock is a ransomware infection that encrypts files and also infects them, thereby making it a polymorphic file infector ransomware. Any user who opens a Virlock-infected file spreads the infection, causing their files to become encrypted and infected, including files synced through cloud-based services. Virlock ransomware presents a new propagation vector that has the ability to deliver malware on the fly and substantially amplify the malware fan-out effect.
Regarding the corporate infiltration of ransomware, the Institute of Critical Infrastructure Technology (ICIT) has said that “2016 is the year ransomware will wreak havoc on America's critical infrastructure community” (ICIT, http://icitech.org/wp-content/uploads/2016/03/ICIT-Brief-The-Ransomware-Report2.pdf, August 2016). The Kaspersky Security Bulletin 2015 reports that in 2015 Kaspersky Lab solutions detected ransomware on more than 50,000 computers in corporate networks, which is more than double the figure for 2014 (Kaspersky Lab, Kaspersky Security Bulletin 2015). This same report explains that the real number of incidents is several times higher. CNN Money reports that in the first quarter of 2016, cyber-criminals collected $209 million by extorting businesses and institutions to unlock computer servers infected with ransomware. The Federal Bureau of Investigation (FBI) estimates that at this rate, ransomware is on pace to be a $1 billion crime in 2016 (CNN-money, http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/, Apr. 15, 2016).
Accordingly, while it is imperative to facilitate the use of cloud services and more specifically cloud storage so that people can continue to be productive and use the best tools for the job, it is just as important to detect and implement appropriate response mechanisms to prevent individual users and corporations from being held hostage to ransomware.