T-Mobile’s ‘Duh’ Moment Reminds Us Don’t Trust Criminals
Ransomware continues to be a thorn in the side of businesses everywhere. With attacks continuing to rise by 93% in early 2021, ransomware prevention is vital because companies have only two choices: prevent or pay. Prevention is not easy: it requires investments of time and money to create an effective shield. On the other hand, paying the ransom takes no effort, and some businesses even set aside money to prepare for ransomware attacks. You hand over cash to the malicious actors and get your encrypted files released. That is, of course, if the cybercriminals actually return your data or provide the decryption key.
Not every attempt to recover data ends as a clean business transaction. T-Mobile recently learned this lesson when they hired a third party to exclusively buy back their stolen data. Rather than delivering exclusive rights after being paid, the malicious actors continued to resell all of the personal information seized in the T-Mobile data breach, demonstrating how risky paying is. Fortunately, there is a better way. When your data is protected from cyber threats and ransomware, there is no need to play high-stakes games with criminals to recover it.
The Threat is Real
Every 11 seconds, a new ransomware attack occurs, with over 714 million attempted ransomware attacks in 2021. Savvy businesses understand their attack surface. They also realize cybersecurity isn’t foolproof, new types of malware constantly emerge, and phishing emails are a rigged game of roulette. When it comes to ransomware infections, it’s no longer a matter of if they will be targeted but when. These attacks cost on average $5.3 million. This accounts for network downtime, restoration from backups, systems recovery, and incident response, as well as productivity and information loss. It doesn’t account for reputational damage and lost customer confidence if attackers gained access due to cybersecurity gaps. Now more than ever, ransomware prevention is vital to companies of all sizes.
Ransomware has evolved beyond only encrypting files and locking them with a ransom demand. The latest strains now open backdoors for cybercriminals to come in and steal data over time or automatically grab and exfiltrate critical data. Rather than being only an annoyance where the only data lost was the information contained on the user’s operating system, modern ransomware attacks often escalate to full-blown breaches. One suspicious email and suddenly business-critical information is at risk. Anything on the endpoint, or anything that user can access, is at risk.
Depending on the stolen data, it may also lead to compliance issues on top of recovery. This is compounded by attackers using the stolen data to extort the business. They want the ransom for unlocking the endpoint and an additional payout to return the stolen data and not release it or sell it to the public. Attackers do their research and scale the demands to what they believe the business can pay. So larger companies get targeted with greater demands for payout.
Gambling With Data
For organizations willing to pay to get their data back, as T-Mobile discovered, there is no guarantee that cybercriminals will be honorable. Studies have shown that 35% of those that pay the ransom to recover their data never actually get the information back from attackers. Instead, they send money to accounts only to find out their data is not being unlocked or will still be released to outsiders—wasted investment with no viable returns.
If your organization’s strategy is to carry on with business as usual and pay the ransom or extortion demands, your organization is playing with fire. Just because an organization paid off the cybercriminals and nobody else knows does not mean that a breach did not occur. Data they stole still constitutes a breach under most compliance frameworks, even if it is recovered by paying the extortion demands. This can result in additional fines, corrective action plans, or even possible jail time for executives due to negligence in implementing proper security measures. Ransomware prevention is vital to maintaining real compliance.
Ransomware Protection Means Preparing Defenses
When defending against ransomware and cyberattacks, there are no guarantees that attackers won’t get something. Anti-malware solutions are a good step toward blocking malicious applications, but they are not 100% effective either. Instead, the goal is to minimize what attackers can access and limit how substantial the attack is. Using a combination of the proper access, monitoring, and encryption, the blast radius is reduced substantially.
Managing Access Limits Impact
The first step to limiting access is to define users’ access needs based on the principle of least privilege. With this in mind, a user is only allowed access to the resources they require to do their job and only for as long as necessary. So if a user has a 3-month project that necessitates access to a data set, they get the access they need for that period, and after the project, it is removed. This can be time-consuming to do manually, but numerous solutions help automate this task. Using this approach, even if a user’s account is compromised, cybercriminals only have access to some data, not everything in the organization.
This access control is augmented with threat monitoring and detection. When access occurs outside of a user’s baseline, such as access after hours, accessing multiple files in rapid succession, or attempting to access files that the user rarely uses, the monitoring can alert and block further attempts. If threat detection is implemented and assessed in real time, threats can be rapidly identified and blocked before any significant exposure can occur.
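The three baseline deviations named above (after-hours access, rapid access to many files, and access to files the user rarely touches) can be checked over a time-ordered access log as in the following added example. It is not code from the article or from any product it mentions; the baseline shape, thresholds, user name, and log records are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed per-user baselines (assumed shape): usual working hours and
# the paths each user normally touches.
BASELINES = {
    "alice": {"hours": (8, 18), "usual": {"/finance/q1.xlsx", "/finance/q2.xlsx"}},
}

# Constructed access log, sorted by time: (user, ISO timestamp, path).
EVENTS = [
    ("alice", "2021-09-01T10:15:00", "/finance/q1.xlsx"),
    ("alice", "2021-09-01T23:40:00", "/finance/q2.xlsx"),
    ("alice", "2021-09-02T11:00:00", "/hr/payroll.csv"),
    ("alice", "2021-09-02T14:00:01", "/finance/q1.xlsx"),
    ("alice", "2021-09-02T14:00:02", "/finance/q2.xlsx"),
    ("alice", "2021-09-02T14:00:03", "/finance/q1.xlsx"),
    ("alice", "2021-09-02T14:00:04", "/finance/q2.xlsx"),
]

def flag_events(events, baselines, burst_count=4, burst_window=timedelta(seconds=10)):
    """Return {event index: [reasons]} for accesses outside the user's baseline."""
    recent = defaultdict(deque)  # user -> timestamps inside the sliding window
    alerts = {}
    for i, (user, ts, path) in enumerate(events):
        when = datetime.fromisoformat(ts)
        base = baselines.get(user)
        reasons = []
        if base is None:
            reasons.append("no-baseline")      # unknown account: always review
        else:
            start, end = base["hours"]
            if not start <= when.hour < end:
                reasons.append("after-hours")
            if path not in base["usual"]:
                reasons.append("unusual-file")
        # Sliding window: drop timestamps older than burst_window, then count.
        window = recent[user]
        window.append(when)
        while when - window[0] > burst_window:
            window.popleft()
        if len(window) >= burst_count:
            reasons.append("rapid-access")
        if reasons:
            alerts[i] = reasons
    return alerts

if __name__ == "__main__":
    for idx, reasons in flag_events(EVENTS, BASELINES).items():
        print(EVENTS[idx], reasons)
```

The function only reports deviations; blocking further attempts would be handled by whatever enforces access in the environment.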
Encryption Reduces Exposure
Encryption is essential for reducing the amount that cybercriminals can steal. Standard file encryption keeps files inaccessible so that even if data is stolen, it is entirely unusable without the keys. This prevents it from being leveraged in extortion attacks later.
A complete encryption solution goes beyond keeping data encrypted at rest and ensures that data is protected throughout its lifecycle. Modern solutions allow the data to remain encrypted in databases, even while in use. This enables users to do their jobs while preventing cybercriminals and ransomware from accessing the data.
As an added benefit to encryption, regulations such as GDPR have provisions to protect organizations from regulatory impact when their data is encrypted. By keeping data protected with encryption, the data remains secure, even if stolen. This helps to guarantee continuous compliance with privacy regulations, even if your organization suffers a ransomware attack.
Focusing On the Data
While many security solutions may provide encryption or access control services, Sotero helps you build a cohesive data security fabric that goes beyond basic encryption. Sotero bundles active threat detection with an end-to-end encryption solution. Sotero is the only solution to keep data encrypted throughout its lifecycle, only decrypting it when required. This approach helps stop attacks early and significantly decreases your vulnerability while narrowing the potential impact of an attack.
Schedule a demo today to discover how Sotero can help your organization protect its data from the threat of ransomware.