Kasabji added: “Isolated, versioned, and access-controlled recovery tiers are becoming non-negotiable.”
Ransomware gangs have turned victims’ own cloud-based tools against them. For example, notorious groups such as BlackCat (ALPHV) and Rhysida have actively exploited access to Azure Blob Storage, Amazon S3 Transfer Acceleration, and backup services such as Azure Storage Explorer to exfiltrate and encrypt sensitive files.
“The threat goes beyond encryption — adversaries are modifying lifecycle policies to auto-delete files within days, as seen in Codefinger’s attacks, creating a manufactured sense of urgency,” said Cameron Sipes, director of cloud security at SentinelOne. “These tactics bypass traditional endpoint security and leverage the elasticity of cloud resources for fast, difficult-to-reverse impact.”
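A defender-side check for the lifecycle-policy tactic described above, as an added example that is not part of the original article: it scans a bucket lifecycle configuration, in the shape returned by the S3 GetBucketLifecycleConfiguration API, for enabled rules that delete objects or noncurrent versions within days. The 7-day threshold, the rule names and the sample configuration are constructed assumptions.

```python
# Added example: audit an S3 lifecycle configuration for rapid-expiry rules.
# Input shape follows the S3 GetBucketLifecycleConfiguration response ("Rules" list).
from datetime import datetime, timedelta, timezone

MAX_DAYS = 7  # assumed alert threshold; tune to your own retention policy


def rapid_expiry_findings(config, now=None, max_days=MAX_DAYS):
    """Return (rule_id, reason) for enabled rules that delete data within max_days."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for rule in config.get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue  # disabled rules never run
        rule_id = rule.get("ID", "<no-id>")
        exp = rule.get("Expiration", {})
        if "Days" in exp and exp["Days"] <= max_days:
            findings.append((rule_id, f"current objects expire after {exp['Days']}d"))
        if "Date" in exp and exp["Date"] <= now + timedelta(days=max_days):
            findings.append((rule_id, f"current objects expire on {exp['Date']:%Y-%m-%d}"))
        # Short noncurrent-version expiry defeats versioning as a recovery tier.
        nce = rule.get("NoncurrentVersionExpiration", {})
        if "NoncurrentDays" in nce and nce["NoncurrentDays"] <= max_days:
            findings.append((rule_id, f"noncurrent versions expire after {nce['NoncurrentDays']}d"))
    return findings


# Constructed sample data (not taken from any real bucket or incident).
SAMPLE_NOW = datetime(2025, 1, 20, tzinfo=timezone.utc)
SAMPLE_CONFIG = {"Rules": [
    {"ID": "archive-logs", "Status": "Enabled", "Filter": {"Prefix": "logs/"},
     "Expiration": {"Days": 365}},
    {"ID": "purge-all", "Status": "Enabled", "Filter": {"Prefix": ""},
     "Expiration": {"Days": 7},
     "NoncurrentVersionExpiration": {"NoncurrentDays": 1}},
    {"ID": "old-test", "Status": "Disabled", "Filter": {"Prefix": "tmp/"},
     "Expiration": {"Days": 1}},
    {"ID": "dated", "Status": "Enabled", "Filter": {"Prefix": "db/"},
     "Expiration": {"Date": datetime(2025, 1, 22, tzinfo=timezone.utc)}},
]}

if __name__ == "__main__":
    for rule_id, reason in rapid_expiry_findings(SAMPLE_CONFIG, now=SAMPLE_NOW):
        print(f"ALERT {rule_id}: {reason}")
```

Run against each bucket's current configuration on a schedule and alert on new findings, so that a changed policy is noticed before the first expiration pass runs.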