Ransomware Attacks: How to Protect your Data With Encryption

September 4, 2020
| |
3 min read

Cybercriminals are making headlines using ransomware to block organizations from accessing their own critical business data to extort ransoms.

Recently, the University of California San Francisco fell victim to a ransomware attack on key academic and research data (the institution is known to be working on a cure for COVID-19) and ended up paying over $1.14 million to gain back control of their data. It is unclear if the university had applied any data protection measures such as data encryption.

According to the 2020 Cost of a Data Breach report, ransomware attacks have grown more common and have a greater average cost of a breach than the overall average. This average comes out to nearly $4.44 million for a ransomware attack. These costs can be attributed to the monetary demands by the threat actor, but that’s not the only problem. Other costs come from data recovery, systems downtime, reputational damage and so on.

Explore Guardium Data Encryption

No one solution available in the market today can completely protect against ransomware, but data encryption is key to any comprehensive data protection strategy. Data encryption software affords control over security policies that prevent malicious users and rogue processes from taking control of your sensitive data.

What is Ransomware?

A ransomware attack generally follows a known pattern. In one scenario, the threat actor does their homework by tracking down employee email addresses, which they use to orchestrate a phishing campaign that delivers ransomware via an email attachment.

An employee untrained to detect such schemes will open the email attachment, which is masquerading as something that looks trustworthy. Doing so opens the door to malware infecting their laptop and any known vulnerabilities. The ransomware goes on to take over sensitive files and databases by encrypting them. Only the threat actor will have the key to decrypt the data. To get the key, the victim has to pay the ransom.

It is imperative that employees be trained to recognize phishing. It only takes one person to make a mistake to allow ransomware to take hold of sensitive data. Organizations are also deploying additional measures such as securing email and web gateways, applying software patches to vulnerabilities and monitoring Domain Name System queries. However, these techniques are often ineffective against new and unknown strains of malware.

Application of Zero Trust security principles is a growing area of focus to embed technologies and processes that help mitigate ransomware attacks. As a failsafe, organizations should make sure to back up all critical business data, so that data restoration is possible without having to meet the demands of cybercriminals. Even with a backup, it’s possible the ransomware remains in the network, so any points of vulnerability will need to be fully addressed.

Consider Data Encryption to Block Ransomware

Organizations should consider a data protection solution with application whitelisting, access control and data encryption to effectively protect against ransomware. Application whitelisting is the process of specifying which software applications or executable files are allowed to run. This helps block malware from entering and executing within the network.

Access control is also key because it defines which users have access to which files or folders and what operations can be performed by the user on specific data. Oftentimes, malware attempts to gain privileges to access sensitive data. In the case of ransomware, once the threat actors have access to the system, they can encrypt sensitive data and hold it hostage until the ransom is paid. Fine-grained access control can prevent users from having more access than they should.

Data encryption protects data wherever it lives across the hybrid multicloud environment. Once data is encrypted and the encryption key is secured, the data becomes useless to any cybercriminal. If that data is already encrypted, that makes it much more difficult for the malware to detect it and attack.

A gold-standard data encryption solution will not only encrypt data across the technology stack, but will provide application whitelisting and fine-grained access control with consistent policy enforcement. By controlling access to trusted executables, limiting privileged access and obfuscating critical data, your organization will be much better positioned against ransomware attacks.

Cynthia Luu
IBM Security Guardium Product Marketing Manager

Cynthia is currently a product marketing manager for the IBM Security Guardium portfolio, focusing on encryption and key management solutions. She has a back...
read more