Last month, Equinix – the largest provider of data centers in the world – was threatened with a $4.5 million ransomware demand by hackers who gained unauthorized access to the company’s corporate systems. The entry point appears to have been a set of remote desktop servers, a common technique for such attacks. A similar ransomware attack affected six managed service customers of data center provider CyrusOne in 2019.
When ransomware first emerged, the goal was to prevent victim companies from being able to access their data and systems — bringing their business to a standstill. In order to get back up and running, and have the data decrypted, required the payment or ransom. Security teams quickly learned they needed to have robust backup and be prepared to respond quickly to prevent ransomware from spreading throughout their network. To stop the further spread of the ransomware, many systems and processes must be taken offline, causing downtime. In fact, on average it takes over two weeks for companies infected with ransomware to restore their networks.
Ransomware attacks, however, have taken another dark turn. Today’s ransomware not only locks up the victim’s data and systems, but it is used by attackers to extract data. This “ups” the ransomware game, allowing attackers to not only require payment to decrypt data but to also “return” your data to you and agree not to release it.
The vulnerability of data in use
While ransomware attacks are frequent enough now to be considered a fact of life, there are ways you can dissuade criminals from attempting them in the first place. In fact, the Equinix attack could have easily left the hackers with nothing worth a ransom payment if the company’s data in use had been encrypted, not just its data at rest.
For example, reports suggest that the Equinix hackers got away with company financial information, payroll, accounting, audits and data center reports. Data such as this would presumably be encrypted wherever it is stored. But this data is regularly in use because it often gets searched, analyzed and shared. For most companies, those activities necessarily involve decryption, which leaves data vulnerable.
But this doesn’t have to be the case.
The simple keys to thwarting ransomware
In the past, encrypting data in use was cumbersome, imposing an unnecessary “performance tax,” and impossible to scale. But recent advances in data security have made encrypting data in use easy to do and, more importantly, seamless for end users.
Created by data professionals with a long track record in the industry, Sotero’s KeepEncrypt 360 encrypts all of your data throughout the entire data lifecycle, whether in use or at rest. So if you don’t pay the criminals, you won’t have to worry about them selling or using your data. Frankly, if Equinix had been relying on KeepEncrypt, the stolen data would have been encrypted and its keys inaccessible — making it useless to the hackers.
KeepEncrypt also ensures worry-free backup and recovery. So no matter what happens, you can keep moving forward. You will always have copies of all your data, so you won’t need access to whatever the attackers cloak.
Are you and your customers ransom-proof?
Of course, this story isn’t just about Equinix. Countless SaaS companies and platform providers in healthcare, pharma and financial services need to protect their sensitive data as well as that of their customers. Equinix was lucky that, as they claim, this breach affected them, not their customers, who generally secure their own data. But it could have gone the other way. This is precisely why you should focus on encrypting data in use and extending that protection to the customers who entrust you with their data.
While ransomware attacks will remain a risk for the foreseeable future, this doesn’t mean these attacks have to end with a big payout to nefarious characters. Indeed, by encrypting data in use, companies can ensure that even if these attacks “succeed,” the bad guys will end up with a whole lot of nothing.
The best way to get a complete understanding of Sotero — how it works, how it fits into existing systems, and why it’s such a significant accomplishment in data encryption — is to schedule a demonstration.
To do so, please