Ransomware attacks have mutated. The recent changes in tactics by ransomware gangs have resulted in a permanent and more ruthless form of cyberattack. It’s no longer just about losing access to your data. These attacks are now a full-blown data breach flavored with extortion.
Ransomware now locks down your data and steals it at the same time. With a ransomware attack occurring every 11 seconds, and over 560,000 new strains produced daily, you can stop wondering whether you will be attacked — spoiler: the answer is yes. You’d be wise to prepare for when.
Failure to protect against this threat can lead to a wide range of damage. Lost productivity, data loss and reputational damage will pale in comparison with the massive compliance issues you face if your protected data is leaked. Cybercriminals know this. They are counting on it. Fortunately, there are ways to secure your sensitive data — even from cybercriminals and ransomware — without reducing efficiency or productivity.
Ransomware Has Evolved
When it first came out, ransomware targeted inexperienced home computer users. The threat of losing all of their data was often enough to get them to pay up. Hungry for more easy money, cybercriminals turned to targeting businesses with deeper pockets to pay bigger ransoms.
Ransomware most frequently gets downloaded and installed through email phishing campaigns, RDP vulnerabilities, and software vulnerabilities. These attacks target naive users and security gaps at endpoints. Once installed, traditional ransomware systematically encrypts every bit of data on the machine. At this point, the data is lost unless you recover from backups or pay the ransom.
In today’s threat landscape, you are fortunate if this is the attack you experience. Ransomware recently went from simply locking you out of your data to stealing it and holding it hostage. This evolution is known as a double extortion attack, where a second ransom is demanded in exchange for not publishing the stolen data or selling it on the Dark Web.
The Double Extortion Trend
Modern ransomware still encrypts files, but before files are encrypted, they are analyzed for sensitive data. Cybercriminals, and sometimes the malware itself, dig through everything from Excel and Word files to database dumps seeking financial data, customer info, and other personally identifiable information (PII). This process may uncover organizational finances or cyber insurance policies, which help them scale their ransom demands to maximize their take.
The cybercriminals store all of this information and then demand an additional payment to prevent public disclosure of the data. So even if your organization isn’t interested in unlocking the encrypted systems because you planned for this attack with backups, the attackers still have leverage. Not paying the ransom can result in a very public data breach with real damages.
Additionally, exfiltrated data puts you at risk of violating compliance regulations. Many compliance frameworks require steps for due diligence and — in the event of a breach — have penalties or mandatory disclosure processes. Some key compliance regulations are:
- HIPAA – Any breach involving patient data in the US faces Federal Trade Commission (FTC) guidelines enforcement.
- SOX – Any breach due to ransomware leads to fines, delisting from stock exchanges, or jail time if negligence was involved.
- GDPR – Unauthorized access to personal data with ransomware requires regulators to be notified within 72 hours. Failure to do so can result in fines of 20 Million Euros or 4% of global annual turnover.
- PCI-DSS – In the event of a data breach, there are mandatory disclosures to the affected parties. Fines can include $50-$90 per cardholder affected or an accumulating fine of $5,000 to $100k per month until the merchant proves compliance.
Companies need to take a data-centric approach to security, making data the focal point for security practices. While ransomware attacks might be detected by increased network traffic, the daily noise of ordinary productivity traffic makes ransomware-related traffic hard to pick out. Data-centric controls generally focus on access, encryption, and auditing to protect the data itself.
Encryption Protects Sensitive Data from Being Read
When facing these devastating new cyberattacks, encryption is crucial to secure sensitive information and prevent double extortion. This may sound counter-intuitive considering that ransomware encrypts your data to lock it away. The essential difference lies in who holds the keys.
When the business encrypts data, even if cybercriminals grab a copy, it’s worthless to them because you hold the key. Encryption flips the script on ransomware gangs. If encrypted data is stolen from your organization, it’s not a data breach. It leaves the criminals with nothing of value for extortion.
Additionally, regulations such as GDPR have provisions to protect organizations from regulatory ire when their data is encrypted. This is because the content of your information is secure. So by protecting your data with encryption, you stay compliant with privacy regulations, even if you suffer a ransomware infection.
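To make the "who holds the keys" point concrete, here is an added example in Go (not code from the original post or from Sotero's product): each sensitive field is sealed with AES-256-GCM under a key the organization keeps in a KMS/HSM, so a copy of the data store taken during an attack cannot be opened without that key. The key bytes, field names and values in the usage are constructed placeholders.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcmFor builds an AES-256-GCM AEAD from an organization-held key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one field and returns nonce||ciphertext, the only thing written
// to disk; the key stays in a KMS/HSM (assumed), apart from the data it protects.
// aad (e.g. "customers.ssn") binds the value to its column so it cannot be
// transplanted into another record.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal. Whoever holds only a copy of the data store (the
// exfiltrated half of a double-extortion attack) has no key and gets an error.
func Open(key, stored, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(stored) < ns {
		return nil, fmt.Errorf("stored value too short")
	}
	return gcm.Open(nil, stored[:ns], stored[ns:], aad)
}
```

Sealing a constructed value such as "SSN 123-45-6789" with a 32-byte key and then calling Open on the stored bytes with any other key, or with a different aad, returns an authentication error rather than plaintext.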
A Safe Compliant Data Sharing Platform
Ransomware is a significant threat to businesses, and failing to protect your data from being stolen in these attacks can have a real cost to your business. Data encryption solutions are a crucial component for protecting your data. By making your data unreadable to outsiders throughout its lifecycle, you can maintain compliance.
While many data security solutions may provide encryption or access control services, Sotero bundles it all into a cohesive data security platform that could be viewed as a data-sharing solution. With an end-to-end encryption solution, Sotero is the only solution that can keep data encrypted throughout its lifecycle and only decrypted for the brief period that it is needed. This not only meets but exceeds many of the compliance requirements of the financial services industry.
For more information on how Sotero can help your organization meet compliance requirements, schedule a demo today.