Don’t let them look at your data.
By Robert Freudenreich, CTO and Founder, Secomba GmbH | Boxcryptor
A single malicious email, with the sender of the mail disguised as a colleague or client, can have severe consequences for a company. With a fraudulent link that transmits sensitive account data in the wrong hands or malware disguised as a seemingly ordinary Microsoft Office file, hackers will gain access to business systems and servers within minutes. In this article, we will take a look at how the cloud and encryption can help prevent or reduce damage in case of a ransomware attack on your company.
What is Ransomware and Why is it so Dangerous?
Ransomware is malicious software that gives unauthorized people access to company data, programs, or even the entire computer system. In case of an attack, business operations are severely affected and exclude personnel and organizations from accessing their files and systems. Ransomware attacks not only have an impact on individual company processes but can also affect the entire supply chain.
The damage usually also affects external stakeholders of the company that was the victim of the attack, for example customers, suppliers, and partners. With most operations coming to a complete hold, companies are forced to pay high ransoms in order to regain control over their data and devices.
According to Cybereason’s “Ransomware: The true cost to Business” (Source: https://www.cybereason.com/hubfs/dam/collateral/ebooks/Cybereason_Ransomware_Research_2021.pdf), it is estimated that there is a ransomware attack on a business every 11 seconds on average, with global ransomware damage losses projected to reach $20 billion in 2021. The FBI reported an increase of more than 225% in total losses from ransomware in the U.S. in 2020 alone.
While the huge amount of ransom is already critically affecting companies, pressure is further increased when sensitive data is threatened to be publicized. While, in theory, the ransom payment can be settled rather inconspicuously, data protection laws like the European GDPR require very strict measures when data of citizens of the European Union is breached. The company, whether American or European, must notify all affected individuals or businesses about the data loss, which not only results in high inconveniences but more importantly a loss in trust. According to Cybereason, 53% of all attacked reported their brand suffered.
How Can Businesses Prevent Ransomware Attacks?
The likelihood of being affected by viruses or malware can be kept within limits if some internal company rules are observed. Even smaller measures can protect companies and organizations from severe consequences. Such measures can be comprehensive security software that detects unknown vulnerabilities or so-called zero-day gaps and prevents their execution.
With a growing number of businesses allowing their employees to work from home, new security challenges arise. Therefore, companies need to sensitize their staff to the issue of proper cyber-security. This can include everything from a well-protected network to VPNs or data encryption solutions. Furthermore, companies should offer regular training and conduct random tests to raise awareness of ransomware and similar malware amongst employees.
If despite all security measures, a company still falls victim to a ransomware attack, it is advised to have an emergency plan at hand. This way, those responsible in the company can act faster and keep the damage caused by ransomware as low as possible. Companies can implement the following steps into their data breach emergency plan:
- Immediately disconnect or remove any potentially affected or suspicious devices from the network.
- Inspect the damage that has been caused.
- Identify the ransomware to determine which relevant authorities or individuals need to be notified.
- Inform all relevant authorities and affected persons.
How Can the Cloud and Encryption Help Against Ransomware Attacks?
Many companies have already shifted their work into the cloud to benefit from increased flexibility, efficiency in team communication, and optimized workflows. Company data can be accessed at any time and from any location. One cloud feature that comes in handy in case of a ransomware attack is versioning. When your company data is encrypted by malicious software, you can simply switch back to a version of your data before the attack, and you gain back control over your data. This way, the damage done by the ransomware attack is reduced to a minimum.
However, by the time you find out about the attack, the attackers probably already copied and stole your company data. This is where encryption comes in, as the second protection measure against ransomware.
Every business possesses confidential information and data that should not be disclosed, such as personal data of customers or trade secrets. Therefore, it is important to protect this information as best as possible, for example through end-to-end encryption. When encrypted, the data contents are protected from malicious software, since only worthless strings are transmitted to the attackers. Thus, without interesting data, no worthwhile attack scenario arises, as the affected company cannot be blackmailed into paying a ransom.
In the case of unencrypted data being involved in a data leak, there is no guarantee that the attacker will not still publish sensitive data, regardless of whether the ransom has been paid. This would hit companies particularly hard, as they not only suffer a huge financial loss but also must take responsibility for the lost data.
In combination with the cloud, encryption solutions can offer even greater protection. In the event of an attack, all securely encrypted files are protected and can be restored even if the attacker deletes the files. However, regular backups and cloud-optimized encryption solutions, like Boxcryptor, are required to ensure continuity. At the same time, it is important to choose an encryption solution with zero-knowledge, so that only authorized people in your company will have access to sensitive company files.
An example: You decide in your company to store the data not only locally, but also with an automatic, regular backup in the cloud storage of Microsoft and Dropbox. Additionally, you encrypt those data with Boxcryptor before uploading to the cloud. If you now become a victim of a ransomware attack, you can restore the affected data via your last backup in the Microsoft or Dropbox cloud. Moreover, you can be sure that the attacker will not be able to do anything with the stolen data, as this data has been encrypted with the key known only to you and is thus not visible to the attacker. You can rest easy and do not have to pay a ransom.
Companies all over the world are falling victim to ransomware attacks. However, it is important to ask how well or poorly prepared an organization is in the event of an attack. Fortunately, there are preventative measures that can be taken:
- Make employees aware of spam and phishing emails.
- Back up your data regularly.
- Protect sensitive files with zero-knowledge encryption solutions.
If you implement these three tips, your business will already be in a better position than most other companies worldwide. Use this knowledge to your advantage and start to encrypt your files today.
About the Author
Robert Freudenreich is the CTO of Secomba GmbH | Boxcryptor. In 2011, the computer scientist founded the company together with Andrea Pfundmeier, CEO at Boxcryptor. The Germany-based company’s software has over 500,000 satisfied customers worldwide and is used by both private users and numerous companies to protect data stored in the cloud. In their first year, Freudenreich and Pfundmeier received the EXIST Founders’ Scholarship from the German Federal Ministry for Economic Affairs and Energy. In 2013, they won the highly endowed “Wirtschaftswoche founder competition” and in 2014 the German Founder’s Prize.
Robert can be reached online at Twitter (@robfreudenreich) and at our company website https://www.boxcryptor.com/de/