Unfortunately, during the last year, it is popular we have an acquaintance or business partner who has had problems with a virus or trojan data encryption (ransomware = Software Rescue).
It is not so hard fall, because usually after an email allegedly deceiving a company invoice or commonly used (Correos, Endesa, etc ..) that leads to a link to download, not legitimate, the Trojan or virus and completely incoscientes of this error, because from that moment begins to encrypt data from hard drive or shared network drives, NAS, etc ...
Many of the antivirus are not prepared for the latest versions of these Trojans and all users are vulnerable businesses regardless of size.
Does the cloud, or data that we have in the cloud can be exposed to these problems?
The answer is yes. Maybe not so easy to "contaminated" but is not free to begin with we will say that in the end the data or cloud services is on hard drives and these are the target of the Trojans, it is true that some services such as google drive and dropbox, review the files before allowing them up to the cloud. But a Trojan encryption usually skip these protections as we can see in the help center dropbox: https://www.dropbox.com/help/8406 How Dropbox manages viruses or malware ?.
The cloud itself does not give extra security, if it is true that it is somewhat easier to protect and somewhat more difficult to be contaminated, I explain:
Usually, the cloud allows us to access it from a browser, extrayendonos layer of the operating system that we have, ie: Most data and cloud services does not care whether you have a Mac, tablet android, Linux or Windows.
It is bad policy to choose an operating system where there are fewer viruses and Trojans, although there are computers with only a browser, for example: google chomebook and perhaps not all users / departments should have the same type of computer, example: In stores , shopping, etc ...
On the other hand, the importance of backups: Daily and versioned copies (and know people who have the virus copies).
and finally training: Users and workers should undergo appropriate training explaining that they can download / execute and not, as an example we suggest signing a manual of good practices tools. (If requested we send a copy to do his thing in your company).