Can ransomware infect encrypted files?

The European Union Agency for Cybersecurity (ENISA) noted a 150% rise in ransomware attacks between 2020 and 2021, while a Cybersecurity Ventures report estimated that ransomware will cause $265 billion in annual economic losses by 2031.

Ransomware attacks can be devastating regardless of your industry. In its 2021 Internet Crime Report, the FBI recorded over $49 million in ransomware losses, up from $29 million in 2020. (The FBI noted that this figure does not include any third-party remediation services or lost business, time, wages, files, or equipment — nor do victims always report a loss amount — so its estimate is artificially low on several fronts.)

With the threat from ransomware growing so rapidly, it’s no surprise that organizations are searching far and wide for the right solutions. Encryption, a common security measure used for data protection and regulatory compliance, may sound like a solid option.

But is it a viable solution? Below, we’ll break down your options and explain some ways to help your organization neutralize the impact of cybercrime.

Does encryption prevent ransomware?

In a word, no. Ransomware can infect even encrypted files by adding a layer of encryption on top of the existing protection.

There are a few common kinds of ransomware:

Crypto-ransomware, which encrypts valuable files to prevent the owner from accessing them.
Locker ransomware, which does not encrypt a computer’s files but locks a victim out of their device.
Scareware, which uses pop-ups to make false claims about frightening viruses infecting a user’s device and requests payment to solve the fictitious issue.

There are other types as well, but most ransomware works by encrypting files — and it can do so whether those files were originally encrypted by the owner or not.

The bright side? Encryption does help prevent against

the threat of data exfiltration, which occurs when ransomware attackers threaten to release sensitive or confidential information that was compromised during the attack. As long as those attackers lack the time, compute power, and resources to decrypt your encrypted files, they will not be able to exfiltrate them.

However, encryption is not a viable solution to prevent a ransomware attack in the first place, since it was not designed for that purpose. Businesses will require other solutions to keep themselves safe against the rising threat of cybercrime.

How to contact the authorities if your organization is hit with ransomware

In the event of a ransomware attack, it’s usually important to report the event to the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC), the Internet Crime Complaint Center (IC3), and/or the US Secret Service. These organizations may be able to offer assistance in handling the attack.

Because this kind of information is so critical for tracking down cybercriminals and preventing future attacks, reporting ransomware attacks is now required by law in some cases. With the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), 16 critical infrastructure industries in the US are now required to report any ransomware payments they make to the Cybersecurity and Infrastructure Security Agency.

How can companies mitigate the impact of ransomware?

Ransomware can cause significant financial damage beyond the extortion payment itself. According to one report, organizations paid an average of $1.4 million to recover from a ransomware attack.

Ransomware may lead to a massive disruption in business continuity and financial stability, with outage and downtime costs, response and restoration expenses, loss of devices and people hours, regulatory penalties, monitoring and investigation costs, lost business opportunities, damaged reputations, and even class action lawsuits.

Despite the severe ramifications of a cyberattack, businesses shouldn’t lose hope entirely. Below, we’ve gathered several expert recommendations for protecting your organization against the impact of ransomware.

Beware of human error

Although ransomware is becoming much more sophisticated, the majority of ransomware attacks are still effective for one key reason: human error.

A Sophos survey found that 9% of ransomware incidents in 2020 could be attributed to misconfigured public cloud instances , while another 45% were because of successful phishing attacks with malicious file downloads, email links, and email attachments.

These phishing attempts are often effective because they use increasingly tricky social engineering to impersonate a trusted colleague and trick users into downloading compromised attachments.

Anti-spam and anti-virus products are a solid first step. Comprehensive ransomware training is also a good idea for organizations with remote employees.

Consider cyber insurance

Businesses large and small are increasingly turning to cyber insurance policies to protect themselves against a range of cyberattacks. Cyber liability insurance, which may cover financial losses from cyberattacks and tech-related lawsuits alike, can offer payouts to cover ransoms, lost income from network outages, and even government fines.

Meanwhile, data breach insurance can help businesses respond more quickly in the event of loss or theft of customers’ personal identifiable information. These policies may cover credit monitoring services for victims or PR services to handle the public fallout from a data breach — valuable services, given that the average cost of a US data breach in 2020 was nearly $4 million.

These kinds of policies can be particularly useful for combating ransomware. According to the Institute for Security and Technology, ransomware attacks are the most commonly reported cyber insurance claim — and that number is only growing. Luckily, ransomware policies now cover everything from data restoration and incident response costs to interruptions in business continuity and the ransom payment itself.

Use ShardSecure to neutralize the impact of ransomware

ShardSecure’s innovative, patented Microshard™ technology desensitizes sensitive data for use in multi-cloud and hybrid-cloud environments and helps mitigate against the impact of ransomware. We achieve this through our three-step microsharding process:

Shred: Microshard technology begins by shredding data into four-byte microshards that are too small to contain a complete birthdate, social security number, or any other piece of sensitive data.
Mix: Next, poison data is added and the microshards are mixed into multiple logical Microshard containers. Identifying information like file extensions, file names, and other metadata is also removed.
Distribute: After being mixed, the Microshard containers are distributed across multiple customer-owned storage repositories. These storage repositories can comprise multi-cloud or hybrid-cloud configurations.

Microshard technology features self-healing data and a RAID-5-like ability to reconstruct affected data. This means that Microshard data containers can be rebuilt whenever they’re tampered with, deleted, or held hostage by ransomware.

Using an automated control, multiple data integrity checks detect unauthorized modifications — including those caused by cloud storage ransomware — and reconstruct the affected data, returning it to its unaffected state. This means that real-time ransomware repairs can begin automatically and in a way that is transparent to users, avoiding major outages.

Microshard technology can also be integrated with existing encryption solutions for a defense-in-depth approach. Encrypted data can be microsharded and distributed to multiple customer-owned storage locations — so even if a storage location is compromised, attackers will only have access to an unintelligible fraction of that data.

Contact us today to learn more about how ShardSecure can help your organization mitigate the impact of ransomware and maintain business continuity.

Sources