Protecting against ransomware
Mitigate ransomware for your organization with AWS
What is ransomware?
Ransomware refers to a business model and a wide range of associated technologies that bad actors use to extort money from entities. Whether you’re just getting started or already building on AWS, we have resources dedicated to help you protect your critical systems and sensitive data against ransomware. You can use these resources to prepare your organization against an incident, test and build out a strategy to respond during an event, and recover more quickly from an event. You can also learn more about proactively protecting against ransomware as well as how AWS and the AWS Partner Network can help you reduce the risk of a ransom event.
Ransomware is not specific to the cloud—in fact, AWS can provide increased visibility and control over your security posture against malware. Raising your security posture is the first step to make it more difficult for a ransom event to occur in your environment. Raising your security posture begins with reviewing your security program and controls against best practices from AWS, third party organizations, and your internal policies.
Video - re:Invent 2021 - Backup, disaster recovery, and ransomware protection with AWS (51:57)
Watch this video to learn how you can build business continuity and disaster recovery options using AWS services like AWS Backup, Amazon S3, Amazon EFS, and CloudEndure Disaster Recovery, as well as AWS Partners.
Blog Series - Disaster Recovery (DR) Architectures on AWS
In this 4-part blog series, you'll learn how to architect for disaster recovery (DR), which is the process of preparing for and recovering from a disaster.
Blog - Ransomware mitigation: Top 5 protections and recovery preparation actions
Read about the top five things you can do to help protect and recover your resources from ransomware. This blog post focuses specifically on preemptive actions that you can take.
Framework for protecting against ransomware events
Identify and protect
Identifying your systems, critical data, and applications will help you baseline normal user activity as well as the integrity of systems and potential vulnerabilities. By rapidly identifying and patching vulnerabilities, organizations can reduce their exposure to ransomware events by limiting the ways it can get in.
Detect and respond
Threat detection can continuously monitor your AWS accounts and workloads for malicious activity and deliver detailed security findings for visibility and remediation. Early detection of anomalous network activity is a key to mitigating ransomware threats and its impact.
Organizations that identify critical data up front can back up that data to create an immutable recovery copy. Data can be recovered to a specific point in time and rapidly restored reducing an incident's impact. With AWS services, you can centralize and automate data backups, simplify backup management, and protect your application data across AWS and on-premises environments.
Security and compliance resources
AWS Security Reference Architecture (AWS SRA)
The AWS Security Reference Architecture (AWS SRA) is a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. It can be used to help design, implement, and manage AWS security services so that they align with AWS best practices.
The European Union Agency for Cybersecurity (ENISA)
The ENISA Threat Landscape 2021 report outlines the findings on ransomware, provides a description and analysis of the domain, and lists relevant recent incidents. A series of proposed actions for mitigation is provided.
U.S. Cybersecurity & Infrastructure Security Agency (CISA)
The US CISA / Multi-state ISAC Ransomware Guide provides best practices and references to help manage the risk posed by ransomware and support an organization’s coordinated and efficient response to a ransomware incident.
Services to elevate your security in the cloud
Instantly get access to the AWS Free Tier.
Get started building in the AWS Management Console.