Protecting against ransomware
Mitigate ransomware for your organization with AWS
What is ransomware?
Ransomware refers to a business model and a wide range of associated technologies that bad actors use to extort money from entities. Whether you’re just getting started or already building on AWS, we have resources dedicated to help you protect your critical systems and sensitive data against ransomware. You can use these resources to prepare your organization against an incident, test and build out a strategy to respond during an event, and recover more quickly from an event. You can also learn more about proactively protecting against ransomware as well as how AWS and the AWS Partner Network can help you reduce the risk of a ransom event.
Ransomware is not specific to the cloud—in fact, AWS can provide increased visibility and control over your security posture against malware. Raising your security posture is the first step to make it more difficult for a ransom event to occur in your environment. Raising your security posture begins with reviewing your security program and controls against best practices from AWS, third party organizations, and your internal policies.
Featured resources
Read this blog to learn about the AWS Blueprint for Ransomware Defense, a new resource that both enterprise and public sector organizations can use to implement preventative measures to protect data from ransomware events.
The new ebook includes the top 10 best practices for ransomware protection and covers new services and features that have been released since the original published date in April 2020 and updated in early 2023.
Join AWS expert, Megan O’Neil as she discusses the top 10 best practices for ransomware protection. You will learn how to gain unparalleled visibility into your AWS environment, as well as the ability to update and patch efficiently, to seamlessly and cost-effectively backup your data, to templatize your environment, and how to rapidly return to a known good state.
Framework for protecting against ransomware events
Identify and protect
Identifying your systems, critical data, and applications will help you baseline normal user activity as well as the integrity of systems and potential vulnerabilities. By rapidly identifying and patching vulnerabilities, organizations can reduce their exposure to ransomware events by limiting the ways it can get in.
Detect and respond
Threat detection can continuously monitor your AWS accounts and workloads for malicious activity and deliver detailed security findings for visibility and remediation. Early detection of anomalous network activity is a key to mitigating ransomware threats and its impact.
Recover
Organizations that identify critical data up front can back up that data to create an immutable recovery copy. Data can be recovered to a specific point in time and rapidly restored reducing an incident's impact. With AWS services, you can centralize and automate data backups, simplify backup management, and protect your application data across AWS and on-premises environments.
Security and compliance resources
AWS Blueprint for Ransomware Defense
The AWS Blueprint for Ransomware Defense provides guidance and a mapping of AWS services and features to 40 recommended security controls from the Center for Internet Security Critical Security Controls designed to defend against ransomware events.
AWS Security Reference Architecture (AWS SRA)
The AWS Security Reference Architecture (AWS SRA) is a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. It can be used to help design, implement, and manage AWS security services so that they align with AWS best practices.
The European Union Agency for Cybersecurity (ENISA)
The ENISA Threat Landscape 2021 report outlines the findings on ransomware, provides a description and analysis of the domain, and lists relevant recent incidents. A series of proposed actions for mitigation is provided.
U.S. Cybersecurity & Infrastructure Security Agency (CISA)
The US CISA / Multi-state ISAC Ransomware Guide provides best practices and references to help manage the risk posed by ransomware and support an organization’s coordinated and efficient response to a ransomware incident.