Protecting against ransomware attacks is a cybersecurity priority for businesses of all sizes. Ransomware encrypts data files or entire systems across an organization. Encryption blocks access to these assets and renders them unusable unless the victim pays a ransom sum demanded by the threat actor in return for a decryption key.
Aside from the chaos that ensues when employees can’t access the systems, apps, and data they need to perform daily tasks, modern ransomware attacks also put your company’s sensitive data at risk of being published on the Internet. These double extortion attacks couple classic ransomware installation with data exfiltration, and the threat of publishing the stolen data gives attackers extra leverage when demanding a ransom.
The cost of ransomware is so high that one recent industry publication predicted businesses will lose $250 billion in these attacks by 2030. And they are so prevalent that attacks happened every 11 seconds in 2021.
As sensitive business data increasingly gets stored in a distributed, multi-cloud infrastructure, the attack surface for threat actors to exfiltrate this data and use double-extortion ransomware increases. Furthermore, as the volume and diversity of data sources generated, collected, and stored by businesses grow exponentially, securing sensitive data stores is a complex undertaking.
This article highlights some actionable tips for ensuring your sensitive data stores are resilient against ransomware.
Why is protecting against Ransomware so important?
Ransomware is one of the most widely used cyber attacks. Its popularity among cybercriminals stems from its ability to become a profit-making endeavor.
Many victims feel they have no option but to cave in to the ransom demand, costing an organization hundreds of thousands or even millions of dollars. Ransomware gangs are constantly innovating to find new ways to pressure victims. A dedicated ransomware strategy is vital in the fight against these ruthless attacks.
The increased focus by threat actors on sensitive data is a central driver of why protecting against ransomware is so essential. The threat of having your internal sensitive company assets, such as PDF reports, analytics spreadsheets, employee contracts, trade secrets, or proprietary code leaked online is destructive enough.
Layer the additional threat of sensitive customer information being leaked (e.g., protected health information, personally identifiable information, cardholder data), and the importance of a robust ransomware strategy becomes even more evident. Personal data loss can result in customers being further targeted by social engineering attacks, direct financial loss from fraud, and loss of control over personal information.
Ransomware gangs have set up dark web forums to name their victims and reveal the data exfiltrated from their environments. There’s no getting around the significant reputational hit that can soon follow in a ransomware incident.
As companies increasingly leverage cloud storage and infrastructure services for cost-efficient sensitive data stores, ensuring effective resilience against ransomware across multi-cloud environments is more critical than ever.
How are Ransomware Attacks carried out?
The chain of events leading to eventual ransomware installation within an IT environment is often quite sophisticated and lengthy. But since the malware itself causes the damage in a ransomware attack, here’s a brief outline of the different forms of ransomware deployed by cybercriminals:
- Screen locker ransomware: A classic ransomware strain that takes over operating systems on workstations. Users can't log in to do their work or access encrypted data; they only see a locked screen notification.
- PIN locker ransomware: A relatively rare attack that targets mobile phones, encrypts their data and changes the PIN code to block access.
- Disk coding ransomware: Encrypts critical file systems or master boot records and wipes the disk of certain or all data.
- Crypto-ransomware: Focuses on encrypting individual (usually important or sensitive) files while keeping basic computing operations intact.
6 Steps to Ensure Your Sensitive Data Stores are Resilient Against Ransomware
1. Discovery and Classification of Sensitive Data
Keeping up with chaotic and decentralized data creation in today’s complex IT environments challenges businesses to the point that they do not know where their data stores are and what kind of sensitive information is inside. If you can’t see where your sensitive data is, you can’t adequately protect it.
The priority here is to automate the discovery of data stores and label data according to sensitivity levels. Empowered by this true view into your data stores, you can effectively secure data against ransomware and other threats without disrupting fast-moving modern development practices like DevOps.
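As an added illustration of the discovery and labelling step (not code from this article or from any product), the sketch below scans constructed sample data stores for cardholder data and PII and assigns each store a sensitivity label. The regex patterns, label names, and store names are assumptions made for the example; a Luhn check filters out digit runs that are not card numbers.

```python
import re

# Patterns, label names and sample data are assumptions for this example.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")

def luhn_ok(digits):
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_sensitive(text):
    """Return the set of sensitive data types detected in one object."""
    found = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            found.add("cardholder_data")
    if SSN_RE.search(text):
        found.add("pii_ssn")
    if EMAIL_RE.search(text):
        found.add("pii_email")
    return found

def classify(found):
    """Map detected data types to a sensitivity label."""
    if found & {"cardholder_data", "pii_ssn"}:
        return "restricted"
    return "confidential" if found else "internal"

def inventory(stores):
    """stores: {store: {object_key: text}} -> {store: (label, sorted types)}"""
    report = {}
    for name, objects in stores.items():
        found = set().union(*(find_sensitive(b) for b in objects.values()))
        report[name] = (classify(found), sorted(found))
    return report

# Constructed sample stores (4111... is a well-known test card number).
SAMPLE_STORES = {
    "billing-exports": {"q4.csv": "name,card\nA. Example,4111 1111 1111 1111\n"},
    "hr-contracts": {"offer.txt": "SSN 123-45-6789, contact jane@example.com"},
    "marketing-list": {"leads.csv": "email\nlead@example.org\n"},
    "build-logs": {"ci.log": "order ref 1234 5678 9012 3456 built ok"},
}
```

Calling `inventory(SAMPLE_STORES)` returns one label per store; the `build-logs` store stays `internal` because its 16-digit reference fails the Luhn check.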