How do you secure data from Ransomware?

Keeping data safe from exposure despite having backups

Unlike WannaCry and NotPetya, more recent and sophisticated ransomware such as Maze, DoppelPaymer, REvil and Snatch not only locks companies out of their own computer systems by encrypting files (the hallmark of typical ransomware) but can also exfiltrate company data and use it as collateral.

Organizations will continue to be at the mercy of this pay-or-we-will-leak-your-data approach, since it is inevitable that operating systems and applications will succumb to glitches now and then. In March 2020, Microsoft announced 115 vulnerabilities, including 26 bugs rated critical, in one of its largest Patch Tuesday releases in recent memory.

Despite millions of dollars invested in perimeter defense and a variety of endpoint security products, these preventive measures have proven to be useless against malicious threats like ransomware, since such threats tend to exploit known vulnerabilities in the system. Threats like these are “zero-day” and can easily infiltrate a network by infecting critical systems, bypassing your firewall.

A viable option is to implement a patch management mechanism that ensures all servers and endpoints are patched in a systematic and timely fashion. In reality, though, patching servers requires tedious and meticulous testing before any patch can be promoted to a production environment. Moreover, patching does not help with end-of-life systems, or during the wait before patches are released.

The other option could be to implement scheduled and isolated backups, although extended downtime is certain while those backups are restored. The million-dollar question remains: what happens to your sensitive data that was stolen? The fact is, your sensitive data remains compromised and exposed whether or not the ransom is paid, even if the data is returned.

This is where securing your data becomes your last line of defense. It is imperative that sensitive data, structured or unstructured, be protected at all times. This can be achieved by adopting finer-grained access control at the kernel level together with an easy-to-deploy encryption mechanism. This mitigates the risk of data exposure in the event of a ransomware attack, a hack or even theft by a malicious insider.

With attacks getting more sophisticated and rampant over time, it is high time for organizations to place more importance on safeguarding their sensitive and proprietary data. Losing such data may result not only in revenue loss but also in harm to an organization’s reputation and brand equity.