Cybercriminals are making headlines using ransomware to block organizations from accessing their own critical business data to extort ransoms.

In 2021, ransomware has become a pervasive, newsworthy topic that competes as a major national security issue. In the last year alone, ransomware cost American victims roughly $1.4 billion in ransom demands alone. This is an under-estimation given the related costs of downtime, financial penalties and reputational loss.

According to the 2021 Cost of a Data Breach report, ransomware attacks have grown more common and have a greater average cost of a breach than the overall average. This average comes out to nearly $4.62 million for a ransomware attack. These costs can be attributed to escalation, notification, lost business and response costs, but does not include the cost of the ransom.

No one solution available in the market today can completely protect against ransomware, but data encryption is key to any comprehensive data protection strategy. Data encryption software affords control over security policies that prevent malicious users and rogue processes from taking control of your sensitive data. In an analysis of 25 cost factors that either amplified or mitigated the average total cost of a data breach, use of high standard encryption was third among cost mitigating factors.

Read the report

What is Ransomware?

A ransomware attack generally follows a known pattern. In one scenario, the threat actor does their homework by tracking down employee email addresses, which they use to orchestrate a phishing campaign that delivers ransomware via an email attachment.

An employee untrained to detect such schemes will open the email attachment, which is masquerading as something that looks trustworthy. Doing so opens the door to malware infecting their laptop and any known vulnerabilities. The ransomware goes on to take over sensitive files and databases by encrypting them. Only the threat actor will have the key to decrypt the data. To get the key, the victim has to pay the ransom.

It is imperative that employees be trained to recognize phishing. It only takes one person to make a mistake to allow ransomware to take hold of sensitive data. Organizations are also deploying additional measures such as securing email and web gateways, applying software patches to vulnerabilities and monitoring Domain Name System queries. However, these techniques are often ineffective against new and unknown strains of malware.

Application of zero trust security principles is a growing area of focus to embed technologies and processes that help mitigate ransomware attacks. As a failsafe, organizations should make sure to back up all critical business data, so that data restoration is possible without having to meet the demands of cybercriminals. Even with a backup, it’s possible the ransomware remains in the network, so any points of vulnerability will need to be fully addressed.

Consider Data Encryption to Block Ransomware

Organizations should consider a data protection solution with application whitelisting, access control and data encryption to effectively protect against ransomware. Application whitelisting is the process of specifying which software applications or executable files are allowed to run. This helps block malware from entering and executing within the network.

Explore Guardium Data Encryption

Access control is also key because it defines which users have access to which files or folders and what operations can be performed by the user on specific data. Oftentimes, malware attempts to gain privileges to access sensitive data. In the case of ransomware, once the threat actors have access to the system, they can encrypt sensitive data and hold it hostage until the ransom is paid. Fine-grained access control can prevent users from having more access than they should.

Data encryption protects data wherever it lives across the hybrid multicloud environment. Once data is encrypted and the encryption key is secured, the data becomes useless to any cybercriminal. If that data is already encrypted, that makes it much more difficult for the malware to detect it and attack.

A gold-standard data encryption solution will not only encrypt data across the technology stack, but will provide application whitelisting and fine-grained access control with consistent policy enforcement. By controlling access to trusted executables, limiting privileged access and obfuscating critical data, your organization will be much better positioned against ransomware attacks.

More from Data Protection

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Cost of data breaches: The business case for security AI and automation

3 min read - As Yogi Berra said, “It’s déjà vu all over again.” If the idea of the global average costs of data breaches rising year over year feels like more of the same, that's because it is. Data protection solutions get better, but so do threat actors. The other broken record is the underuse or misuse of technologies that can help safeguard data, such as artificial intelligence and automation.IBM’s 2024 Cost of a Data Breach (CODB) Report studied 604 organizations across 17…

Cost of a data breach: The industrial sector

2 min read - Industrial organizations recently received a report card on their performance regarding data breach costs. And there’s plenty of room for improvement.According to the 2024 IBM Cost of a Data Breach (CODB) report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.These figures place the industrial sector in third place for breach costs among the 17 industries studied. On average, data breaches cost industrial…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today