Updated ebook: Protecting your Amazon Web Services environment from ransomware

by Megan O'Neil and Merritt Baer | on

Amazon Web Services is excited to announce that we’ve updated the Amazon Web Services ebook, Protecting your Amazon Web Services environment from ransomware. The new ebook includes the top 10 best practices for ransomware protection and covers new services and features that have been released since the original published date in April 2020.

We know that customers care about ransomware. Security teams across the board are ramping up their protective, detective, and reactive measures. Amazon Web Services serves all customers, including those most sensitive to disruption like teams responsible for critical infrastructure, healthcare organizations, manufacturing, educational institutions, and state and local governments. We want to empower our customers to protect themselves against ransomware by using a range of security capabilities. These capabilities provide unparalleled visibility into your Amazon Web Services environment, as well as the ability to update and patch efficiently, to seamlessly and cost-effectively back up your data, and to templatize your environment, enabling a rapid return to a known good state. Keep in mind that there is no single solution or quick fix to mitigate ransomware. In fact, the mitigations and controls outlined in this document are general security best practices. We hope you find this information helpful and take action.

For example, to help protect against a security event that impacts stored backups in the source account, Amazon Web Services Backup supports cross-account backups and the ability to centrally define backup policies for accounts in Amazon Web Services Organizations by using the management account. Also, Amazon Web Services Backup Vault Lock enforces write-once, read-many (WORM) backups to help protect backups (recovery points) in your backup vaults from inadvertent or malicious actions. You can copy backups to a known logically isolated destination account in the organization, and you can restore from the destination account or, alternatively, to a third account. This gives you an additional layer of protection if the source account experiences disruption from accidental or malicious deletion, disasters, or ransomware.

Learn more about solutions like these by checking out our Protecting against ransomware webpage, which discusses security resources that can help you secure your Amazon Web Services environments from ransomware.

Download the ebook Protecting your Amazon Web Services environment from ransomware.

If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact Amazon Web Services Support .

Want more Amazon Web Services Security news? Follow us on Twitter .


Megan O’Neil

Megan is a Principal Specialist Solutions Architect focused on threat detection and incident response. Megan and her team enable Amazon Web Services customers to implement sophisticated, scalable, and secure solutions that solve their business challenges.

Merritt Baer

Merritt Baer

Merritt is a Principal in the Office of the CISO. She can be found on Twitter at @merrittbaer and looks forward to meeting you on her Twitch show , at re:Invent, or in your next executive conversation.