Databack - Récupération de données
Request a quote
THE BLOG

Databack success stories: cyberattack response in a cloud environment

Cloud computing plays an essential role in the digital transformation of professional organizations (businesses, government agencies, local authorities, etc.). It is a vector of development, innovation and operational efficiency, agility and flexibility, cost reduction… but it also raises questions in terms of vulnerability, cybersecurity and data protection. Databack presents an overview of cloud security through the story of a cyberattack…

Cloud computing and cyber surveillance

By providing computing resources hosted on the Internet, cloud computing cloud computing has provided businesses and public sector bodies with great financial and technical flexibility, enabling them to work collaboratively, control operating costs and react quickly. Remote services (including infrastructures, platforms and “as a Service” software) have given them unrivalled flexibility, modularity and accessibility for storing, managing and exploiting their data.


However, the increased use of the cloud has inevitably been accompanied by a growth in IT security and data breach risks. At Databack, we have seen an increase in ransomware attacks in cloud environments. Now a “classic” of cyber-malware, these attacks take on a whole new dimension, since they involve shared responsibility between :

– the end customer, i.e. the service user and data owner;
– the service provider and host (SaaS software, PaaS platform or IaaS infrastructure)

Cloud service providers thus remain prime targets for hackers, as they can impact dozens of companies and organizations whose data they host in a single attack. This puts maximum pressure on service providers, suppliers and hosters to pay the ransom.

Case study: ransomware attack on SaaS data

The Databack team was recently called upon to respond to a ransomware attack carried out in a cloud environment. Our customer, based in South-East Asia, had contacted us via the CERT who had accompanied them during the incident.


As a user of a SaaS (Software as a Service) service hosted by Amazon Web Services (AWS), our customer had all his production data encrypted. The encryption attack also affected his Arcservce Backup backup software.


Due to its geographical location, our entire intervention had to be carried out remotely. To facilitate and accelerate the process, our customer had to upload all his production data and backups, i.e. some 4 TB of data, to a secure space we had provided.


Analysis of all Arcserve Backup files enabled us to reconstruct the entire tree structure and extract all files. An integrity test showed that 85% of them were valid. Less than 3 days after the start of our analysis, the customer was able to recover the first files required for business recovery.

Cloud security and specialized service providers

The scenario of this ransomware attack on cloud cloud also enabled us to confirm that a company that has already identified its service providers saves precious time. CERT, data recovery laboratory, cyberassurer… a coordinated approach by these different players considerably reduces incident response times and significantly increases the possibilities of recovering data without having to pay a ransom.


While cloud computing offers considerable advantages in terms of data storage, accessibility and processing, organizations must remain vigilant in the face of IT risks. Professional organizations must not only remain vigilant to the growing threat of cyber-attacks, but also to their own security practices and vulnerabilities.


For businesses and government agencies that concentrate data and applications in the cloud, it’s becoming imperative to employ cloud security practices. By taking a proactive approach to cybersecurity, combining advanced technologies and adopting good IT practices, organizations can strengthen their cloud security posture and effectively protect their data.

If your organization, business, administration or local authority is using or thinking about using cloud computing, you can contact the Databack team team to anticipate crisis situations, ensure business resumption or simply inform you about ransomware attacks.

4 March 2024
Back to blog

list of latest articles

KEEP IN TOUCH

SUBSCRIBE TO OUR NEWSLETTER

By entering your email address, you agree to receive the Databack newsletter. You can unsubscribe at any time by clicking on the unsubscribe link at the bottom of the content. You can consult our privacy policy to find out more.
Databack Linkedin