Thales transparent encryption

Advanced data-at-rest encryption, access control and data access audit logging.

Johannesburg, 10 Feb 2022
Byron Davel, Account Manager, Cyber Security South Africa.

The CipherTrust Data Security Platform safeguards organisations from ransomware attacks.

Ransomware, in a nutshell, is a vicious type of malware that cyber criminals use to block access to your entire system or specific sensitive files/databases, until you or your company pays a ransom. While a ransomware attack usually doesn’t result in a data breach, cyber criminals have been moving towards taking a copy of the data before triggering the encryption, and then threatening to expose the data to pressure the victims into paying up.

Ransomware attacks are crippling cities and businesses. Last year alone saw a 41% increase over the previous year. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 11 seconds, and that the estimated cost to businesses will be around $20 billion by 2021.

CipherTrust Transparent Encryption is one of the widely deployed data protection solutions within the CipherTrust Data Security Platform, which provides data-at-rest encryption, fine-grained access control and application whitelisting capabilities to prevent ransomware attacks.

Challenges

Most organisations follow the baseline security countermeasures below to defend against ransomware attacks. However, they come up short in most cases.

  • Security awareness training: Training your employees to recognise suspicious phishing e-mails through simulation exercises helps defend against attack delivery. However, it only takes one employee to make the mistake of opening a phishing e-mail and infecting the company’s network.
  • Deploy secure e-mail/web gateways: This technique can be used to defend against ransomware attacks delivered through e-mail. However, secure web/e-mail gateways are unable to detect a new strain of malware, because they do not have its signature.
  • Apply the latest software patches: Regularly scanning all your systems and patching high-priority vulnerabilities helps defend against holes exploited by ransomware. However, ransomware can easily be delivered by exploiting unknown (zero-day) vulnerabilities, for which there are no patches yet.
  • Monitor DNS queries: After ransomware infects a server/endpoint, it typically calls home to a command and control (CNC) server to exchange encryption keys. Monitoring DNS queries to known ransomware domains (eg, killswitch) and resolving them to internal sinkholes can prevent ransomware from encrypting files. However, DNS servers are unable to block any unknown CNC domains used by new ransomware attacks.
  • Backup critical data regularly: There still may be times when all security defences fall short and the ransomware attack succeeds in encrypting all business-critical data. The best way to recover from a ransomware attack is to maintain a secure backup and also have a clear recovery plan that enables organisations to restore their business-critical data. However, restoration is expensive and time-consuming.

Solutions

CipherTrust Transparent Encryption is one of the widely deployed data protection products within the CipherTrust Data Security Platform that enables organisations to protect their business-critical data by transparently encrypting data-at-rest in files, volumes and databases on Windows, Unix and Linux OSes across physical and virtual servers, both in cloud and big data environments.

CipherTrust Transparent Encryption provides application whitelisting capabilities using fine-grained access control policies that enable organisations to block any rogue binaries from encrypting files/databases, even if the intruder has execute permissions for that binary and read/write permission to the target file that contains business-critical data.

  • Application whitelisting identifies “trusted applications” – binaries that are approved to perform encryption/decryption of business-critical files. It also needs to provide a way to check the integrity of these applications with signatures to prevent polymorphic malware from getting into approved binaries.
  • Fine-grained access control to your business’s critical data, which defines who (user/group) has access to specific protected files/folders and what operations (encrypt/decrypt/read/write/directory list/execute) they can perform. Some malware depends on escalating privileges to gain greater system access. Appropriate access control solutions can bar privileged users from examining and even accessing resources.
  • Data-at-rest encryption protects data wherever it resides, in on-premises data centres or in public/private clouds. This makes the data worthless to intruders when they steal business-critical or sensitive data and threaten to publish it if the ransom is not paid. In addition, some ransomware selectively encrypts files so that it doesn’t take systems entirely offline. Other strains look for sensitive data and only encrypt those files. In these cases, encrypted files cannot be scanned by the malware and, therefore, are not attacked.
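
A conceptual sketch of the access decision described above, added here as an illustration; it is not Thales code and does not use the CipherTrust policy format. The rule fields, user names, paths and the byte strings standing in for binaries are all constructed assumptions.

```python
import hashlib
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape, not a product format
    guard_path: str              # protected folder the rule covers
    users: frozenset             # who may access it
    operations: frozenset        # what operations they may perform
    binary_sha256: str           # digest of the approved ("trusted") application


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def decide(rules, user, binary_image, operation, path):
    """Return 'permit', 'deny' or 'unguarded' for one file access attempt."""
    path = posixpath.normpath(path)          # collapse ../ before matching
    guarded = False
    for rule in rules:
        if not path.startswith(rule.guard_path):
            continue
        guarded = True
        # User, operation and the binary's integrity digest must all match.
        if (user in rule.users and operation in rule.operations
                and digest(binary_image) == rule.binary_sha256):
            return "permit"
    return "deny" if guarded else "unguarded"   # default deny on guarded paths


# Constructed sample data: byte strings stand in for executable images.
DB_ENGINE = b"constructed image of the approved database engine"
TAMPERED = DB_ENGINE + b" with injected code"
ROGUE = b"constructed image of an unknown binary"
RULES = [Rule("/data/db/", frozenset({"dbsvc"}),
              frozenset({"read", "write"}), digest(DB_ENGINE))]
TARGET = "/data/db/customers.ibd"

if __name__ == "__main__":
    attempts = [("approved binary", "dbsvc", DB_ENGINE),
                ("rogue binary, same user", "dbsvc", ROGUE),
                ("approved binary, modified", "dbsvc", TAMPERED),
                ("approved binary, privileged user", "root", DB_ENGINE)]
    for label, user, image in attempts:
        print(f"{label}: {decide(RULES, user, image, 'write', TARGET)}")
```

Only the first attempt is permitted: the rogue and modified binaries fail the integrity match even though the user is authorised, and the privileged user is refused because the rule does not name it.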

To find out more about Thales products, please contact Byron Davel at Cyber Security South Africa, the local distributor for Thales. E-mail: byron@csza.co.za or find us on LinkedIn: cybersecuritysouthafrica.
