The Challenge of Ransomware
The threat from ransomware, a type of malware that encrypts your files and holds them hostage for purposes of extortion, is currently rising. In 2020, there were 65,000 ransomware attacks reported in the United States. In the summer of 2021, two major ransomware attacks were even called threats to national security. Colonial Pipeline paid $5 Million in ransom after hackers successfully shut down part of its East Coast operations. JBS paid $11 million in ransom as cybercriminals disrupted its food supply operations to restaurants, grocery stores, and farmers.
There are technological and financial reasons responsible for the rise of ransomware. First, hacker tactics are constantly evolving: criminal gangs have recently begun to run malicious payloads inside virtual machines to disguise the initial stages of ransomware deployment. Second, about 1 in 4 companies are paying: it is not only legal to pay a ransom, but even tax-deductible, and sometimes paid for by the victim company’s cyber insurance.
There are multiple threats associated with ransomware, including the loss of data, revenue, and reputation. The US Government does not recommend paying a ransom. If your company decides to pay, the cybercriminals may or may not decrypt and return the files to you. In response to an international survey, only 51% of those who paid a ransom successfully regained access to the encrypted data without any data loss, while 46% said that “some or all” of their data was corrupted.
If your company refuses to pay a ransom, the bad guys often try to increase the pressure by threatening to release your data publicly. This tactic is called “double extortion,” as hackers first exfiltrate a tranche of sensitive data and then threaten to release it. This scenario is even a threat to companies that have backed up their data -- unless it has been properly encrypted or aliased. There are numerous “leak sites” where researchers and journalists regularly read sensitive information stolen by ransomware. In the face of this threat, many organizations simply decide to pay the ransom.
The Importance of Secure Data Backups
Experts say that one of the most important defenses against ransomware is maintaining offline, append-only, encrypted backups of your data. Your backups should be segmented and offline so that criminals cannot access and mutate them; many ransomware variants attempt to find and delete vulnerable backups. Your backups should be encrypted so that if your data is discovered and stolen, hackers cannot leverage it for financial fraud or extortion.
Information security, however, is a complex discipline, and it is a challenge to get everything right. The threat of ransomware means backing up your data must be a critical part of your information security strategy. But in many ways, backups are more challenging to secure than an application. Creating backups tends to increase your security exposure simply by duplicating and disseminating copies of your sensitive data, including proprietary information, personally identifiable information (PII), authentication details, access audits, and much more.
There is a better and more secure way to create data backups by leveraging the power of data aliasing and the VGS Zero Data™ philosophy.
Zero Data™ Threat Mitigation
VGS technology mitigates the threat of ransomware by reducing the spread of sensitive data in your backups. VGS transforms sensitive information into data aliases that, if stolen, are meaningless to data thieves and hackers. Our vault security controls include segregated accounts, key rotation, patch management, audit logging, vulnerability testing, strong encryption, and continuous monitoring, which together cover the vast majority of PCI, SOC 2, GDPR, CCPA, and HIPAA security requirements.
VGS customers are at a dramatically lower risk of data breach and double extortion due to our Zero Data™ approach to information security. Attackers can threaten to release your data, but if it has already been transformed into aliases, the risk of disclosure is minimal, and the criminals have dramatically reduced negotiating power. Even if the attackers do not threaten to release your data, victims must always fear that they have retained copies, which could appear on the dark web at any point in the future.
Because VGS customers do not ever possess copies of the original, sensitive information, corporate data backups are easier and safer to perform. Aliased content allows for novel, real-time, and more concise methods of backup. You can stream and store snapshots of events, such as binlog access requests and responses, with incremental updates. VGS aliases are flexible and can accommodate any storage type, such as stream processing for Apache Kafka. For maximum security, you should also alias all communications related to authentication and authorization so that an attacker cannot access your VGS account.
The facilitation of data backups is only one of the many ways that VGS can improve your information security. Together, we can dramatically reduce the risk and impact of ransomware. If you have any questions, please contact us.
