Ransomware has gained popularity in recent years. The idea is that a hacker or a group of hackers will try to find and exploit a vulnerability in your infrastructure or services. If they manage to gain enough permissions to take over control of your AWS account, then it will provide them access not only to all your computing instances but also all the data present in your databases. Since your services are now managed using CloudFormation and Ansible, you will be able to redeploy your infrastructure quickly. The bigger issue is the data. In these kinds of hacking events, it is common for hackers to encrypt all your data and ask for a ransom in exchange for the decryption key.

If you are cautious about your data, you are likely to create regular backups but it is also likely that your backups are stored on S3 which is now out of reach for you and at the mercy of the hackers who can easily delete those backups.

To protect your service against this type of attack, it is important not to keep your backups only on your main AWS account. One of the most straightforward ways to avoid that situation is to create another AWS account and replicate all your backups to that account. You can easily implement this using the S3 cross-region replication mechanism as described at http://amzn.to/2suGfo1.