Ransomware attacks can be mitigated with a number of security measures and techniques, but when it comes to the publication of sensitive data, only data encryption can help you. Find out in this article how to protect your sensitive data with encryption, the steps for an effective encryption strategy, and what to encrypt.
TABLE OF CONTENTS
- 1. Why encrypt data against ransomware attacks
- 2. How having an encryption policy is the best strategy for modern computing
- 3. Taking back control of your data through encryption
- 4. Knowing what to encrypt and how much to encrypt
- 5. IRM (Information Rights Management); beyond encryption
- 6. Takeaways of protecting your documents through an integrated encryption management policy
With the advancement of technology, a handful of cybercriminals have become more adept at hiding their malware code to get past even the most difficult-to-evade security measures. Because it is freely available on the dark web, ransomware does not require advanced skills.
Cybercriminals are so successful with their ransomware because they constantly incorporate new technological advancements into their attacks and employ them faster than others. For example, consider the well-known phenomenon of adware creeping onto your computer using readme.txt files, or data breaches occurring through Word and PDF files, with huge amounts of sensitive data stolen. The cherry on top is that this data, comprising passwords, identities, confidential information, project data, company secrets and more, is then sold to willing parties for thousands of dollars.
Why encrypt data against ransomware attacks?
Encryption can help tackle the growing privacy and security challenges that both consumers and organizations face, as well as deter hackers who wish to steal our information. IBM reports that ransomware attacks cost organizations up to $4.62 million per breach, not including the ransom that cyber thieves demand in exchange for decryption keys! With a huge black market for stolen data, it is wiser to have a protection policy than to face regrets, lost time and money, and huge losses in turnover because your company's name has been labeled as one compromised in its data security measures.
In this article you will find a detailed post about “the importance of encryption”.
How having an Encryption Policy is the best strategy for modern computing?
According to research, only 30% of companies have an active encryption policy despite frequent data breaches in the 21st century. Encryption is at the core of today's computing-driven commercial environment. With huge amounts of incoming and outgoing data, and data thieves working to steal your information, encryption is the strongest protection that organizations, businesses and individuals can put in place against theft. Encryption can help tackle the growing privacy and security challenges that both consumers and organizations face, as well as deter hackers who wish to steal your information, be it login credentials, confidential information about your new project, or company secrets that your competitors could leverage.
Using Encryption to protect your Organization Data from Breaches and Ransomware
You might have heard the popular maxim, ‘if you use a free service, you are the product’. This also holds true for companies and other organizations that rely upon big third-party service providers. Whether you are an individual or an organization, the technology services that your company uses rely upon your data (data about your employees, your customers and your business) to generate their revenues and profits. Of course, if you share Word/PDF files containing huge amounts of information with a third party, for whatever reason, without encryption, you are exposing yourself and your company to data breaches. An unencrypted file can be accessed, shared and edited by any third party and, god forbid, even deleted or sold off to competitors and data buyers by a cybercriminal. Encryption is the key to taking back some control of your data from technology processes that gain access to individual and corporate information just because they can. Huge companies like Facebook, WhatsApp and Apple rely on the promise of data security through end-to-end encryption as a positive selling point. Similarly, encrypting your documents can keep them away from the prying eyes of competitor tech companies and cybercriminals alike, even if they somehow get access to them!
Industrial Spy Stolen Data
Cybercriminals now use modern computing to carry out high-profile, and sometimes state-sponsored, hacking and data breach activities to gain an edge over potential foes and competitors. Failure to protect your data through encryption could have grave implications for your organization in terms of ransom, data breaches, damage to the company's name and major losses in revenue. In November 2021, the FBI and Interpol uncovered a major data theft by Nigerian cybercriminals, found to have stolen data from 50,000 organizations! Similarly, in May 2021 a massive data breach occurred when Air India reported approximately 4.5 million records stolen from its seemingly secure database. So where does all the stolen data go?
Cybercriminals have launched a new marketplace called Industrial Spy that sells the compromised data from such breached companies, sometimes even offering it for free to its members. Unlike traditional cyber marketplaces for stolen data, Industrial Spy doesn't merely work to extort enterprises and impose GDPR fines. Industrial Spy allows organizations to purchase their competitors' data, and offers breached data such as classified trade information, accounting reports, manufacturing diagrams and client databases to large-scale cybercriminals.
The marketplace has different levels of data offerings, from $2 for individual files up to “premium” stolen data packages, which represent all the data stolen from an organization and can be offered for millions of dollars. For instance, Industrial Spy is currently selling an Indian company's data in its premium category for $1.4 million, paid in Bitcoin. On the other hand, much of its data is being sold as individual files, where threat actors can purchase the specific files they want for $2 each. The marketplace also offers free stolen data packs, likely to entice other threat actors to use the site. However, it would not be surprising if the new marketplace is used to extort victims into purchasing their own information in order to prevent it from being sold to other cybercriminals.
According to BleepingComputer, the malware executables that create README.txt files to promote the Industrial Spy website on Telegram and Twitter were discovered by MalwareHunterTeam security specialists. When these malware files are executed, they generate text files in every folder on the machine, including a description of the service as well as a link to the Tor website. The readme.txt file shows potential buyers the following message: “There you can buy or download for free private and compromising data of your competitors. We publish schemes, drawings, technologies, political and military secrets, accounting reports and clients databases. All these things were gathered from the largest worldwide companies, conglomerates, and concerns with every activity. We gather data using a vulnerability in their IT infrastructure.” An investigation conducted by BleepingComputer shows that these executables are being distributed via other malware downloaders that are frequently camouflaged as cracks and adware. While the site isn't very popular yet, businesses and security professionals are advised to keep an eye on it and on the information it claims to sell. You never know when your company might be the next target!
Taking back control of your data through Encryption
It is established that encryption is important to secure your data, but that is not the only solution. It is not only important for modern security but is also core to modern computing if you want to excel in an internet-driven environment. In fact, it is even more important to have an effective information policy now that big tech companies and third-party providers allow you to compute in the cloud and to store and share vast amounts of information online; if you manage sensitive data, it is essential that you encrypt all of it before using these services.
It is not only important to fully evaluate and prioritize which data needs to be accessible and stored; it is also crucial that you fully encrypt all documents and communication files before putting them online. This way you can greatly reduce your organization's or company's exposure to a data breach by cyber thieves.
Who is at Risk?
Despite the frequency of cyber attacks, data breaches and identity thefts, IDC reports that only 3% of the data in those information leaks and data breaches was encrypted and protected. This means that 97% of that data was not encrypted and was highly exposed, with only 3% unusable to the cyber thieves because it was encrypted and inaccessible despite being stolen.
One of the greatest motivators behind the wide spread of ransomware is making money or gaining profit through ransom. As far as today's scenario is concerned, the objective of ransomware is damage, destruction, harming the victim at any stage, and yielding as much money as possible by hook or by crook.
Some people are more at danger than others:
- Corporate or Business Sector. This is the most favorable target for ransomware initiators because of the huge amount of confidential data it holds regarding consumers, sales, purchases, ledgers, journals, quotations, taxes, etc. Loss of such documents can cause the whole business to shut down or bear major losses. Thus, corporate sectors have opted to willingly pay the ransom instead of suffering a setback. The proceedings of the World Congress on Engineering and Computer Sciences estimated that, out of all victims, around 46% of corporations are targeted; of these, 88% were not using encryption.
- Public or Government Sector. This mostly comprises educational institutions, power corporations, telecommunications, law enforcement wings, hospitals, banks, transportation and all those establishments that have a direct impact on the public. When such institutions are not encrypted, hackers who affect them have a higher probability of getting a ransom, because the upkeep and maintenance of offline digital copies of huge piles of data is difficult, and refusing to pay the ransom will lead to setbacks of a minimum of 3 to 6 months, i.e., nearly a fresh start. Similarly, infecting the government sector fulfils two major objectives of crooks: first, to ensure the payment of the ransom and, if not, to steal the data regarding defense, citizens, budgets, policies, etc. and sell it for money on the dark net. Hence, encrypting all this data can not only save organizations and public departments from paying huge ransoms, but also prevent the theft of piles of data that could otherwise set back public or organizational affairs by 3 to 6 months or even more!
- Home Users or Individuals. These are the softest targets of ransomware because they are the least fluent in the technical aspects of computers. Although a home user generally does not have a huge amount of data compared to the corporate sector, and the data is not related to public concerns, it still has extreme significance to its holder; it includes reports, projects, pictures, game files, emails, credit card information, online shopping behaviors, etc. Extortion and the pressure to pay the ransom are further increased by the eradication of any backup files and the disabling of system restore just before the ransomware starts encrypting files.
Steps for an effective encryption or data protection management plan
It is important to formulate an encryption or protection plan by working through three critical questions that give you control over which data to encrypt and protect:
- Analyze which data needs to be encrypted: Since it's your data and your company, it is important that you carefully analyze, evaluate, and prioritize which data most needs to be encrypted. For instance, this could include personally identifiable information (PII) and any trade secrets that would be harmful if leaked.
- Having a document protection plan: Having encryption is the first step, and having a protection plan is the last and second most crucial step in your data protection. It is important that you decide what happens to your data while it is in transit and while it is at rest. These require different levels of protection, and you can fully control what happens when. For instance, you can choose to destroy a file if it is shared beyond what you initially provided access for. But, for this to work, you need to have that type of encryption embedded in your file beforehand.
- Establish solid and easy-to-manage protection policies: It is a busy world, and you may often get too caught up in the day-to-day affairs of your company to bother with data breaches of previous documents. However, you can choose protection policy management plans that automatically keep up with your data while it is at rest and whenever and wherever it is accessed or shared online. This way you can assess your encryption performance regularly and steer clear of any serious data breaches.
If you want to learn about a more detailed approach to protecting your corporate data through data-centric security, read this article.
Knowing what to Encrypt and How much to Encrypt?
Organizations, public sector departments and businesses must be told what information should be safeguarded when encrypting files or folders on file servers or cloud repositories. It's also critical to use automation to make file protection easier, especially when encrypting folders or safeguarding data in information repositories. Encryption tools are designed to prevent the spill of private information and the disclosure of confidential data, and to secure the transmission of messages between two parties, ensuring that security goals are met during communication. Take, for instance, the Zero Trust Security Model, which focuses on layered protection, on the premise that since all data is so mobile online, it is important to assume that no one and nothing can be trusted.
IRM (Information Rights Management); beyond encryption
IRM systems deal with the challenge of what happens to data once it is in transit or has left the perimeter. Also known as E-DRM (Enterprise Digital Rights Management) or EIP&C (Enterprise Information Protection & Control), IRM uses a highly sophisticated and effective form of cryptographic protection that is applied to the files themselves and protects them wherever they travel. The IRM approach is to apply layered protection to the data that can be controlled even if the data is no longer in the network, whether it is in a cloud, on a mobile device, etc.
If the data reaches someone it shouldn't, or someone you consider shouldn't have access to it, you can revoke access remotely. You can set expiry dates for documents. You can give users more or fewer permissions in real time (Edit when before they could only Read, or read-only if you don't want them to edit or print). The ease with which this type of solution can be implemented means you can start using it right away to encrypt and regulate important data that your firm handles internally or with third parties.
One of the most critical aspects of this technology is that it can be made simple to use, so that non-technical people can manage protected data as if it were unprotected data. One part of encryption is allowing end users to be at ease accessing, using, sharing, editing and transferring their own data without technical difficulties or know-how of cryptography. This is done by making it compatible with the apps that users use on a daily basis, such as Office, Adobe, and AutoCAD, as well as the information repositories that companies often use, such as File Servers, OneDrive, G-Suite, Microsoft Office 365 Cloud applications, SharePoint, Dropbox, and so on.
Hence, depending on the vulnerability of the data and the extent of damage that the leakage or theft of a document can cause an organization, you can choose to apply different levels of protection. For instance, if you are sharing confidential information about a new tender with your business partner, you may allow it to be shared only with specific parties or departments, with view-only permissions; beyond that, the files cannot be accessed and, if someone tried to decrypt them, would be of no use to potential competitors.
On the other hand, you might want to limit access to company data that could harm your company, employees, customer base and business partners if stolen. You can apply minimal protection but with certain levels of access permission. You can choose exactly what happens to which type of data, and develop a ‘protection in use’ encryption policy and not just protection at rest or in transit. Also, although many organizations and public departments may have specific documents labeled as ‘public’, ‘private’, ‘confidential’, ‘internal use only’, etc., this is more evident on paper than online. Being able to encrypt documents according to the classification levels they carry on paper would be the real win for these organizations. IRM integrated with data classification tools allows you to automatically protect classified or labelled data with a specific IRM protection policy.
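The following Python sketch is an added illustration of the IRM behaviour described in this section; it is not SealPath's code or API. The label-to-policy table, names, users and dates are all constructed assumptions, and the model assumes that a protected file can only be opened after a policy service approves each request.

```python
"""Toy IRM policy check: classification label -> policy, then a per-request decision."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed mapping from classification label to a default protection policy.
LABEL_POLICIES = {
    "public":            {"rights": {"view", "copy", "edit", "print"}, "ttl_days": None},
    "internal use only": {"rights": {"view", "edit"}, "ttl_days": 365},
    "confidential":      {"rights": {"view"}, "ttl_days": 30},
}


@dataclass
class ProtectedDoc:
    doc_id: str
    label: str
    expires: Optional[datetime]
    grants: dict = field(default_factory=dict)  # user -> set of rights
    revoked: set = field(default_factory=set)   # users whose access was pulled


def protect(doc_id, label, users, now):
    """Apply the policy for a label; unknown labels fall back to the strictest one."""
    policy = LABEL_POLICIES.get(label, LABEL_POLICIES["confidential"])
    ttl = policy["ttl_days"]
    expires = now + timedelta(days=ttl) if ttl is not None else None
    grants = {user: set(policy["rights"]) for user in users}
    return ProtectedDoc(doc_id, label, expires, grants)


def decide(doc, user, action, now):
    """Evaluated on every open, so policy changes reach copies already shared."""
    if user in doc.revoked:
        return False, "access revoked"
    if doc.expires is not None and now >= doc.expires:
        return False, "document expired"
    if action not in doc.grants.get(user, set()):
        return False, "right not granted"  # deny by default
    return True, "ok"


def demo():
    t0 = datetime(2022, 6, 1, tzinfo=timezone.utc)  # constructed timeline
    user = "partner@example.com"                    # constructed identity
    doc = protect("tender-001", "confidential", [user], t0)
    results = [
        decide(doc, user, "view", t0),                 # view-only label: allowed
        decide(doc, user, "print", t0),                # printing was never granted
        decide(doc, "rival@example.com", "view", t0),  # unknown recipient
    ]
    doc.grants[user].add("edit")                       # permission raised in real time
    results.append(decide(doc, user, "edit", t0 + timedelta(days=1)))
    results.append(decide(doc, user, "view", t0 + timedelta(days=31)))  # past expiry
    doc.revoked.add(user)                              # remote revocation
    results.append(decide(doc, user, "view", t0 + timedelta(days=2)))
    return results


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

Because the decision is taken at the moment of each open rather than when the file is shared, the revocation and the permission change both apply to a copy that has already left the network.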
Takeaways of Protecting Your Documents Through a Data-Centric Security Approach
It is established that encryption involves a data-centric security management strategy to protect the collective interests of an individual or organization, employees, customers, partners and more. Some of the advantages of multi-layer, encryption-based protection built on a data-centric security approach for your online data include:
- Protection of sensitive documents without relying on user actions.
- Ensuring protection of data whether information is travelling outside network perimeter, being accessed by an outsider or while it is in transit, at rest and in use.
- Control what users can do with your documents (View only, copy & paste, edit, print, etc.).
- Monitor, allow or disallow access regardless of where your data is.
- Revoke access to sensitive information even if you provided access permission before.
- Protecting your intellectual property rights by having full control of your data, hence making it almost impossible to be stolen by competitors and imprinters.
SealPath allows you to develop an effective management system for all the sensitive data you want to protect, with effective protection, monitoring, and automation systems. You can use an integrated IRM (or E-DRM) model to protect your data in use, at rest and in transit, without having to worry about theft or paying ransoms due to theft.