Sealpath. Against the New Generation of Ransomware Attacks, How to Protect your Data with Encryption (Part 1)

Ransomware attacks can be mitigated with some security measures and techniques, but against the publishing of sensitive data, only data encryption can help you. Find out in this article how to protect your sensitive data with encryption, the steps for an effective encryption strategy, and what to encrypt.

With the advancement of technology, a handful of cybercriminals have become more adept at hiding their malware code to evade even the most difficult-to-evade security measures. Because it is freely available on the dark web, ransomware does not require advanced skills to use.

Cyber criminals are so successful with their ransomware because they constantly incorporate new technological advancements into their attacks and employ them faster than others. For example, consider the well-known phenomenon of adware creeping onto your computer using readme.txt files, or data breaches occurring through Word and PDF files, stealing huge amounts of sensitive data. To top it off, this data, comprising passwords, identities, confidential information, project data, company secrets and more, is then sold off to willing parties for thousands of dollars.

Why encrypt data against ransomware attacks?

Encryption can help tackle the growing privacy and security challenges that both consumers and organizations face, as well as deter hackers who wish to steal our information. IBM reports that ransomware attacks cost organizations up to $4.62 million per breach, not including the ransom demanded by cyber thieves in exchange for decryption keys! Given the huge black market for stolen data, it is wiser to have a protection policy than regrets, lost time and money, and huge losses in turnover from having your company labeled as one with compromised data security protection measures.

In this article you will find a detailed post about “the importance of Encryption”.

How is having an Encryption Policy the best strategy for modern computing?

According to research, only 30% of companies have an active encryption policy despite frequent data breaches in the 21st century. Encryption is at the core of today’s computing-driven commercial environment. With huge amounts of incoming and outgoing data, and data thieves working to steal your information, encryption is the utmost security protection that organizations, businesses and individuals can put in place against theft. Encryption can help tackle the growing privacy and security challenges that both consumers and organizations face, as well as deter hackers who wish to steal your information, be it login credentials, confidential information about your new project or company secrets that your competitors can leverage.

Using Encryption to protect your Organization Data from Breaches and Ransomware

You might have heard the popular maxim, ‘if you use a free service, you are the product’. This also holds true for companies and other organizations that rely upon big third-party service providers. Whether you are an individual or an organization, the technology services that your company uses rely upon your data (data about your employees, your customers and your business) to generate their revenues and profits. Of course, if you share Word/PDF files containing huge amounts of information with a third party for whatever reason, you are exposing yourself and your company to data breaches if they are not encrypted. An unencrypted file can be accessed, shared and edited by any third party and, god forbid, even deleted or sold off to competitors and data buyers by a potential cyber criminal. Encryption is the key to taking back some control of your data from technology processes that gain access to individual and corporate information just because they can. Huge companies like Facebook, WhatsApp and Apple promote data security through end-to-end encryption as a positive selling point. Similarly, encrypting your documents can keep them away from the prying eyes of competitor tech companies and cyber criminals alike, even if they somehow get access to them!

Industrial Spy Stolen Data

Cybercriminals now use modern computing to carry out high-profile and sometimes state-sponsored cyber hacking and data breach activities to gain an edge over potential foes and competitors. Failure to protect your data through encryption could have grave implications for your organization in terms of ransom, data breaches, damage to the company’s name and major losses in revenue. In November 2021, the FBI and Interpol uncovered a major data theft by Nigerian cybercriminals, who were found to have stolen data from 50,000 organizations! Similarly, in May 2021 a massive data breach occurred when Air India reported approximately 4.5 million records stolen from its seemingly secure database. So where does all the stolen data go?

Cyber criminals have launched a new marketplace called Industrial Spy that sells all the compromised data from such breached companies, sometimes even offering it for free to its members. Unlike traditional cyber marketplaces for stolen data, Industrial Spy does not merely work to extort enterprises and impose GDPR fines. Industrial Spy allows organizations to purchase their competitors' data, and offers breached data to large-scale cybercriminals, such as classified trade information, accounting reports, manufacturing diagrams and client databases.

The marketplace has different levels of data offerings, from $2 for individual files up to “premium” stolen data packages, which represent all data stolen from an organization and could be offered for millions of dollars. For instance, Industrial Spy is currently selling an Indian company’s data in its premium category for $1.4 million, paid in Bitcoin. On the other hand, much of its data is being sold as individual files, where threat actors can purchase the specific files they want for $2 each. The marketplace also offers free stolen data packs, likely to entice other threat actors to use the site. However, it would not be surprising if the new marketplace were used to extort victims into purchasing their own information in order to prevent it from being sold to other cybercriminals.

According to BleepingComputer, the malware executables that create README.txt files to promote the Industrial Spy website on Telegram and Twitter were discovered by MalwareHunterTeam security specialists. When these malware files are executed, they generate text files in every folder on the machine, including a description of the service as well as a link to the Tor website. This readme.txt file shows messages like this to potential buyers: “There you can buy or download for free private and compromising data of your competitors. We publish schemes, drawings, technologies, political and military secrets, accounting reports and clients databases. All these things were gathered from the largest worldwide companies, conglomerates, and concerns with every activity. We gather data using a vulnerability in their IT infrastructure.” An investigation conducted by BleepingComputer shows that these executables are being distributed via other malware downloaders that are frequently camouflaged as cracks and adware. While the site isn’t very popular yet, businesses and security professionals are advised to keep an eye on it and the information it claims to sell. You never know when your company will be the next target!
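A defender-side sweep for the behaviour described above (the same README.txt note written into many folders), given as an added example that is not code from Sealpath, BleepingComputer or MalwareHunterTeam. The function name, the `min_dirs` threshold, the size limit and the `.onion` heuristic are assumptions chosen for illustration.

```python
import hashlib
import os
import re
from collections import defaultdict

NOTE_NAME = "readme.txt"      # file name reported on the page, matched case-insensitively
MAX_NOTE_BYTES = 64 * 1024    # assumption: dropped notes are small text files
# Heuristic for a Tor link inside the note (assumption, not an indicator from the page).
ONION_RE = re.compile(rb"[a-z2-7]{16,56}\.onion", re.IGNORECASE)


def find_mass_dropped_notes(root, min_dirs=5):
    """Report README.txt content that repeats byte-for-byte across many folders."""
    dirs_by_hash = defaultdict(set)
    has_onion = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() != NOTE_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_NOTE_BYTES:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            digest = hashlib.sha256(data).hexdigest()
            dirs_by_hash[digest].add(dirpath)
            has_onion[digest] = bool(ONION_RE.search(data))
    findings = [
        {"sha256": d, "directories": sorted(dirs), "mentions_onion": has_onion[d]}
        for d, dirs in dirs_by_hash.items()
        if len(dirs) >= min_dirs  # legitimate READMEs rarely repeat this widely
    ]
    return sorted(findings, key=lambda f: len(f["directories"]), reverse=True)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for f in find_mass_dropped_notes(target):
        print(f"{len(f['directories'])} folders share README.txt "
              f"{f['sha256'][:16]} (onion link: {f['mentions_onion']})")
```

A hit is a lead for triage rather than proof of infection; software trees that vendor the same README in many places will also match, so review the note's content and creation times before escalating.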

Source: Sealpath