Protecting against ransomware

Mitigate ransomware for your organization with AWS

What is ransomware?

Ransomware refers to a business model and a wide range of associated technologies that bad actors use to extort money from entities. Whether you’re just getting started or already building on AWS, we have resources dedicated to help you protect your critical systems and sensitive data against ransomware. You can use these resources to prepare your organization against an incident, test and build out a strategy to respond during an event, and recover more quickly from an event. You can also learn more about proactively protecting against ransomware as well as how AWS and the AWS Partner Network can help you reduce the risk of a ransom event.

Ransomware is not specific to the cloud—in fact, AWS can provide increased visibility and control over your security posture against malware. Raising your security posture is the first step to make it more difficult for a ransom event to occur in your environment. Raising your security posture begins with reviewing your security program and controls against best practices from AWS, third party organizations, and your internal policies.

Video: Use AWS to improve your security posture against ransomware
Cloud Business Transformation Icon
Blog - Announcing the AWS Blueprint for Ransomware Defense

Read this blog to learn about the AWS Blueprint for Ransomware Defense, a new resource that both enterprise and public sector organizations can use to implement preventative measures to protect data from ransomware events.

Learn more »

Wretch icon
eBook - Protecting your AWS environment from ransomware

The new ebook includes the top 10 best practices for ransomware protection and covers new services and features that have been released since the original published date in April 2020 and updated in early 2023.

Learn more »

database icon
Webinar - Top 10 Best Practices for Ransomware Protection

Join AWS expert, Megan O’Neil as she discusses the top 10 best practices for ransomware protection. You will learn how to gain unparalleled visibility into your AWS environment, as well as the ability to update and patch efficiently, to seamlessly and cost-effectively backup your data, to templatize your environment, and how to rapidly return to a known good state.

Learn more »

Framework for protecting against ransomware events

Identify and protect

Identifying your systems, critical data, and applications will help you baseline normal user activity as well as the integrity of systems and potential vulnerabilities. By rapidly identifying and patching vulnerabilities, organizations can reduce their exposure to ransomware events by limiting the ways it can get in.

Detect and respond

Threat detection can continuously monitor your AWS accounts and workloads for malicious activity and deliver detailed security findings for visibility and remediation. Early detection of anomalous network activity is a key to mitigating ransomware threats and its impact.


Organizations that identify critical data up front can back up that data to create an immutable recovery copy. Data can be recovered to a specific point in time and rapidly restored reducing an incident's impact. With AWS services, you can centralize and automate data backups, simplify backup management, and protect your application data across AWS and on-premises environments.

Security and compliance resources

AWS Blueprint for Ransomware Defense

The AWS Blueprint for Ransomware Defense provides guidance and a mapping of AWS services and features to 40 recommended security controls from the Center for Internet Security Critical Security Controls designed to defend against ransomware events.

Learn more »

AWS Security Reference Architecture (AWS SRA)

The AWS Security Reference Architecture (AWS SRA) is a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. It can be used to help design, implement, and manage AWS security services so that they align with AWS best practices.

Learn more »

The European Union Agency for Cybersecurity (ENISA)

The ENISA Threat Landscape 2021 report outlines the findings on ransomware, provides a description and analysis of the domain, and lists relevant recent incidents. A series of proposed actions for mitigation is provided.

Learn more »

U.S. Cybersecurity & Infrastructure Security Agency (CISA)

The US CISA / Multi-state ISAC Ransomware Guide provides best practices and references to help manage the risk posed by ransomware and support an organization’s coordinated and efficient response to a ransomware incident.

Learn more »

Learn more about AWS Security services

Services to elevate your security in the cloud

Learn more 
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Start building in the console

Get started building in the AWS Management Console.

Sign in