Ransomware, in a nutshell, is a vicious type of malware that cybercriminals use to block access to your entire system or specific sensitive files/databases until you or your company pays a ransom. While a ransomware attack usually doesn’t result in a data breach, cybercriminals have been moving toward taking a copy of the data before triggering the encryption, and then threatening to expose the data to pressure the victims into paying up.
Ransomware attacks are crippling cities and businesses. Last year alone saw a 41% increase over the previous year. And Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 11 seconds, and the estimated cost to businesses will be around $20 billion by 2021.
CipherTrust Transparent Encryption is one of the widely deployed data protection solutions within the CipherTrust Data Security Platform, which provides data-at-rest encryption, fine-grained access control and application whitelisting capabilities to prevent ransomware attacks.
Most organizations follow the baseline security countermeasures below to defend against ransomware attacks. However, they come up short in most cases.
• Security Awareness Training: Training your employees to recognize suspicious phishing emails through simulation exercises helps defend against attack delivery. However, it only takes one employee to make the mistake of opening a phishing email and infecting the company’s network.
• Deploy Secure Email/Web Gateways: This technique can be used to defend against ransomware attacks delivered through email. However, secure email/web gateways are unable to detect a new strain of malware, because they do not have its signature.
• Apply the Latest Software Patches: Regularly scanning all your systems and patching high-priority vulnerabilities helps defend against holes exploited by ransomware. However, ransomware can easily be delivered by exploiting unknown (zero-day) vulnerabilities, for which there are no patches yet.
• Monitor DNS Queries: After ransomware infects a server/endpoint, it typically calls home to a command and control (CnC) server to exchange encryption keys. Monitoring DNS queries to known ransomware domains (e.g. “killswitch”) and resolving them to internal sinkholes can prevent ransomware from encrypting files. However, DNS servers are unable to block any unknown CnC domains used by new ransomware attacks.
• Back Up Critical Data Regularly: There still may be times when all security defenses fall short, and the ransomware attack succeeds in encrypting all business-critical data. The best way to recover from a ransomware attack is to maintain a secure backup and also have a clear recovery plan that enables organizations to restore their business-critical data. However, restoration is expensive and time-consuming.
CipherTrust Transparent Encryption is one of the widely deployed data protection products within the CipherTrust Data Security Platform that enables organizations to protect their business critical data by transparently encrypting data-at-rest in files, volumes and databases on Windows, Unix and Linux OSs across physical and virtual servers, both in cloud and big data environments.
CipherTrust Transparent Encryption provides application whitelisting capabilities using fine-grained access control policies that enable organizations to block any rogue binaries from encrypting files/databases, even if the intruder has execute permissions for that binary and read/write permission to the target file that contains business critical data.
• Application Whitelisting identifies “trusted applications” – binaries which are approved to perform encryption/decryption of business critical files. It also needs to provide a way to check the integrity of these applications with signatures to prevent polymorphic malware from getting into approved binaries.
• Fine-grained Access Control to your business’s critical data, which defines who (user/group) has access to specific protected files/folders and what operations (encrypt/decrypt/read/write/directory list/execute) they can perform. Some malware depends on escalating privileges to gain greater system access. Appropriate access control solutions can bar privileged users from examining and even accessing resources.
• Data-at-rest Encryption protects data wherever it resides, in on-premises data centers or in public/private clouds. This makes the data worthless to intruders when they steal business-critical or sensitive data and threaten to publish it if the ransom is not paid. In addition, some ransomware selectively encrypts files so that it doesn’t take systems entirely offline. Other ransomware looks for sensitive data and only encrypts those files. In these cases, the malware cannot scan files that are already encrypted and, therefore, does not attack them.
• Transparent data protection: CipherTrust Transparent Encryption continuously enforces file-level encryption that protects against unauthorized access by users and processes and creates detailed data access audit logs of all activities without requiring changes to applications, infrastructure, systems management tasks, or business practices.
• Seamless and easy to deploy: CipherTrust Transparent Encryption agents are deployed on servers at the file system or volume-level and support both local disks as well as cloud storage environments, such as Amazon S3 and Azure Files.
• Comprehensive security intelligence: It identifies and stops threats faster with detailed data access audit logs that not only satisfy compliance requirements, but also enable data security analytics.
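The application whitelisting and fine-grained access control checks described above can be pictured as a default-deny decision on (user, binary, operation, path). The following is an added conceptual model, not CipherTrust code or policy syntax; the rule fields, names, paths and binary contents are hypothetical and constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape, not a product format
    path_prefix: str             # protected folder, written with a trailing "/"
    users: frozenset             # users allowed to act through the binary
    binary_sha256: str           # digest recorded when the binary was approved
    operations: frozenset        # operations the approved binary may perform

def digest(binary_bytes):
    return hashlib.sha256(binary_bytes).hexdigest()

def decide(rules, user, binary_bytes, operation, path):
    """Return (allowed, reason). OS file permissions are deliberately ignored:
    holding execute and read/write rights is not enough on a protected path."""
    covering = [r for r in rules if path.startswith(r.path_prefix)]
    if not covering:
        return True, "path not protected"
    h = digest(binary_bytes)     # integrity check: any modification changes h
    for r in covering:
        if h == r.binary_sha256 and user in r.users and operation in r.operations:
            return True, "trusted binary, user and operation match"
    if any(h == r.binary_sha256 for r in covering):
        return False, "user or operation not permitted"
    return False, "binary not approved or modified since approval"

# Constructed sample data: byte strings stand in for executable images.
DB_ENGINE = b"constructed bytes standing in for the approved database binary"
RULES = [Rule("/data/finance/", frozenset({"dbsvc"}), digest(DB_ENGINE),
              frozenset({"read", "write", "encrypt", "decrypt"}))]

def demo():
    target = "/data/finance/ledger.db"
    unknown = b"constructed bytes standing in for an unapproved binary"
    return {
        "approved": decide(RULES, "dbsvc", DB_ENGINE, "write", target),
        "unknown_binary": decide(RULES, "dbsvc", unknown, "write", target),
        "modified_binary": decide(RULES, "dbsvc", DB_ENGINE + b" modified", "write", target),
        "privileged_user": decide(RULES, "root", DB_ENGINE, "read", target),
        "unprotected_path": decide(RULES, "dbsvc", unknown, "write", "/tmp/scratch"),
    }

if __name__ == "__main__":
    for case, (allowed, reason) in demo().items():
        print(f"{case:17} {'ALLOW' if allowed else 'DENY '} {reason}")
```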