This sentence, taken from the book “The Shadow of the Wind” by Carlos Ruiz Zafón, quantifies in a brief and concise way the cost of revealing a secret. And in the case of the group of extortionists behind ransomware Maze they had valued these secrets of the American company Southwire at $6 million (850 bitcoins). If Southwire does not pay this group, it will make public private company information obtained after a ransomware attack.
A new wave and approach to ransomware attacks. The damage is multiplied.
A few weeks ago we saw on the news what may be a new wave and trend in ransomware attacks. The synagogue in New Jersey has suffered a similar attack by ransomware Sodinokibi, which has started to publish the stolen data after asking for a 500K$ ransom. The City of Pensacola had also been asked for $1 million to recover its data in an earlier attack and had released 2GB of the 32GB extracted.
The extent of the damage extends far beyond the cost of having to recover backup information, business interruption due to loss of access to information, and other situations we had seen in previous ransomware attacks. In this case, the potential publication of internal or third party data of the attacked companies can plunge the companies into numerous lawsuits, litigation, breach of regulations, and its derivatives: loss of confidence, high economic sanctions, resignations, etc.
When we believed that we could put certain measures in place to mitigate the damage from a ransomware attack, attackers have sought a new approach to profit. In this case, the company has not only had to involve its technical department to recover from the attack, but in this case its legal departments in the first instance and surely others such as communication, press, to prepare for whatever may come.
The FBI issued a warning to U.S. companies on December 23, 2019 about the possible wave of Maze attacks and avoiding payment. Now companies must not only have backup measures and other actions in place to prepare for potential recovery of encrypted data, but also to prepare for the possible release of internal data.
Of course, the potential damage to companies is multiplied by this new approach to malware. They are no longer just encrypted, but extorted to avoid publication.
Can encryption help me in any way?
What would happen if the data that has been extracted had been previously encrypted by the company? If the company had protected their sensitive information through encryption, they might be facing the problem of how to recover access to the re-encrypted data, but they would not be concerned about the possible publication of this data by the attacker. The damage would be much less, since at least they can be sure that sensitive, regulated, customer or third party data remains protected.
Encryption technologies could help us solve this problem of the potential publication of our sensitive and secret data, but what are the problems behind the use of encryption or why are many companies reluctant to implement it?
They are often complicated technologies for end users that force them to remember different passwords, or generate public/private keys, do not integrate well with the corporate environment and tools, and are “out of step” with current collaborative documentation systems. Disk encryption is easy to use as it is transparent, but it is only intended to prevent damage from theft or loss of a device, and it is not valid to protect against theft of ransomware as once inside, it has unrestricted access to all files.
On top of that, encryption technologies have a partial scope: Once the other end has decrypted the information, it can do with it what it wants and my data is unprotected again… but this time on a network and a computer that I no longer control.
Protection but without the drawbacks of traditional encryption
What if I could have the benefits of encryption, avoiding these limitations and protecting myself from the potential release of sensitive data stolen by a ransomware attack?. This is what we offer at SealPath, an information protection solution that goes far beyond encryption:
- Files open transparently, no difference to unprotected files. The user is validated once and does not have to be remembering or exchanging passwords with third parties.
- Files are protected wherever they travel and can be opened on any platform (Windows, Android, iOS, Web). The file is protected at rest, in transit and in use.
- There is no risk of losing control over previously encrypted information by a user who has lost his or her key or password.
- Control over protected files goes beyond our network. It is possible to control whether others can still access my protected files even if the file has been downloaded to their computer and is no longer on my network.
- It’s possible to leave permissions to view a user and prevent them from printing, copying or unprotecting the content to keep it.
- It’s possible to have a complete audit of what is happening with protected information and see if anyone without access permission is accessing the information.
- Integrates with other corporate tools to fit into business processes. So users can concentrate on their respective tasks without having to deal with complex actions to encrypt the information.
- There is no need to protect everything, and you can focus on the really important folders, libraries or files.
Most importantly, if a ransomware attack extracts information from the network, the information is encrypted so he can’t publish it.
Finally, an IRM solution like SealPath offers additional advantages over this type of theft by ransomware. Confidential management, legal, HR, and intellectual property information will be safe and secure from internal and external threats, controlling who can access it and with what permissions.
In addition, it helps comply with regulations such as EU-GDPR, which as you can see recommends encryption to prevent possible leaks, and provides with a detailed audit of access to sensitive company information regardless of where it is located. Download our Rapid Guide of GDPR.
Why expose ourselves to such huge economic losses when for a tiny amount we can be confident and protected? 100K euros is nothing compared to 6M euros and very serious consequences for our business. Start protecting your information now. Contact us and we will explain you how simple it is.