Data Security Decoded 6.9.26
Ep 55 | 6.9.26

The Anatomy of Cloud Ransomware with Matt Castriotta

Show Notes

Are your cloud security controls actually protecting your infrastructure, or are they just keeping the lights on? In conversation with host Caleb Tolin, Matt Castriotta, Field CTO for Cloud at Rubrik, breaks down the tactical gaps exposed when organizations blindly replicate data center mindsets in public cloud networks. Castriotta charts the history of high-profile incidents from the Colonial Pipeline timeline up through modern adversaries like Scattered Spider and Storm-0501. He highlights how today's attackers move laterally by exploiting over-privileged, non-human identities to trigger malwareless mass deletion rather than relying on on-prem-style encryption loops.

The discussion pivots into an actionable critique of popular resilience assumptions. Castriotta details why built-in features like S3 versioning and cross-region replication handle business continuity but leave organizations that rely on them entirely defenseless against automated cyber assaults. He delivers a precise operational roadmap for defining a "minimum viable business," establishing secure isolated recovery environments, and breaking the 80% ransomware reinfection cycle. This episode serves as an essential strategic guide for any enterprise trying to align the cloud shared responsibility model with predictable, audited return-to-service timelines.

What You’ll Learn

  • How to separate low-probability disaster recovery protocols from high-probability cyber attacks.
  • The architectural threat mechanisms behind malwareless, privilege-driven data destruction.
  • A blueprint for prioritizing operations based on your minimum viable business components.
  • Solutions to tackle non-human credential sprawl and enforce just-in-time domain separation.
  • The hard realities of cloud platform pricing mechanics during major recovery events.