A. Khedron de León - May 16, 2021

How to Defeat Ransomware in 4 Easy Steps

Tags: Ransomware, Disruptive Defenses, Encryption/Tokenization

With these 4 (somewhat) easy steps, even if your data is ransomed, recovery will become a matter of days rather than months, your recovery costs will drop drastically—and, bonus, customer opinion won't decline as steeply when the loss doesn’t irrevocably impact their data.

What Makes You an Easy Mark

Are you going to be the victim showcased in next week’s release of ransomware news? How does a hacker pick their unlucky contestants? It’s not unlike police trailing a suspect or thieves casing a location. Hackers find individual targets most easily by combing their victims’ social media accounts; the past decade’s social media explosion makes sharing one’s info easier than ever—and sometimes we don’t even realize how much private information we are giving away. Geolocation and pattern analysis combine to paint a fairly accurate picture of daily routines; deducing who has money to spare and lax cyber hygiene makes account subversion a piece of cake.

Corporate targets require a different flavor of investigation; having cyber insurance makes businesses particularly attractive, as the perps know their threats are likely to be paid one way or another. The Securities and Exchange Commission recommends public companies report insurance coverage relating to cybersecurity incidents. This just puts a target on businesses that have already been victimized. Anyone can scan vulnerable attack surfaces by using software like Shodan and its brethren. Checking a company’s internet registry records is a simple starting point; unless you’ve paid extra to hide your DNS settings, IP traces can often be cross-referenced to physical locations, which are then socially engineered. Companies that possess data or systems where lives hang in the balance (read: health care, pharma, and insurance) are juicier targets, as denying their data puts a moral or even legal onus on the business.

Expedience vs. Expense

Insurance companies want a quick solution, especially if their reimbursement clauses include business interruption—coverage for loss of service during recovery times. Paying the ransom may be more expedient than covering litigation and disaster recovery costs. Despite seeming counter to the principles at work, it is frequently the best choice for the business (and the insurer) in terms of offsetting loss of revenue generated by the projected downtime of recovery.

Some argue that once a business pays, it demonstrates a willingness to concede, thereby setting the precedent for future hackers to follow suit; a group of mayors have sworn never to concede even when faced with the numbers supporting payment of ransoms. But they may be onto something, because as ransomware is increasingly successful, the ransoms are becoming increasingly larger, and insurance is something of a guarantee that an attacker will get paid.

An Answer, Plain and Simple

Predictive analysis and cyber insurance may be big business, but the single best protection for your data remains an off-site, air-gapped backup—and it doesn’t end there. Here are four precautions you can take to foil ransomware demands, enabling you to confidently deny data ransomers:

  1. Have a backup plan: Even if it happens once a week on your uncle’s tape drive, make a point of duplicating your data, and take the 3-2-1 rule seriously.
  2. Have a restoration plan in place: Just having backups is not enough. In addition to redundancy, having a restoration plan in place—and drilling against the contingency of needing a total system restoration—are both critical parts of minimizing your vulnerability. Sometimes the cost in downtime alone of restoring backups can be the deciding factor. Everyone involved in fixing the issue is billing time; the longer your systems are down, the more expensive it becomes.
  3. Maintain current image templates: Having these templates of the most commonly used systems for quick rollout in case of a system-wide outage can go a long way to bringing a downed system back up in relatively little time.
  4. Encrypt your sensitive data: If your data ever gets stolen, it won’t be of any use to would-be resellers (by doing so, if you ever get breached you will be the first company on record to report a breach and claim with 100% confidence that all affected consumer data is perfectly safe).
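
Steps 1 and 2 above are the ones that can be checked mechanically, so here is an added example (not code from the original post or from StrongKey) that does two things: it evaluates a backup inventory against the 3-2-1 rule (three copies of the data, on two different media, at least one off-site, plus the post's own point that one copy must be air-gapped so ransomware on the network cannot reach it), and it runs a restore drill that restores a backup into a scratch directory and compares every file against a SHA-256 manifest taken at backup time. The inventory entries, file contents, drill dates and the 90-day drill interval are all constructed for illustration, not values from the post.

```python
"""Added example: a 3-2-1 backup policy check and a manifest-verified restore
drill. Not code from the original post or from StrongKey; every inventory
entry, file and date below is constructed for illustration."""
import hashlib
import shutil
import tempfile
from dataclasses import dataclass
from datetime import date
from pathlib import Path


@dataclass(frozen=True)
class BackupCopy:
    label: str
    medium: str        # "disk", "tape", "object-storage", ...
    offsite: bool
    airgapped: bool    # not reachable from the production network


def check_321(copies):
    """Return policy violations for a backup inventory; an empty list passes.
    `copies` includes the production copy, so the rule reads: three copies,
    on at least two media, at least one of them off-site."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies; the rule wants 3")
    if len({c.medium for c in copies}) < 2:
        problems.append("all copies share one medium; the rule wants 2")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    # Not in the rule's name, but the post's core point: one copy the
    # ransomware cannot reach over the network.
    if not any(c.airgapped for c in copies):
        problems.append("no air-gapped copy; ransomware on the LAN could encrypt every copy")
    return problems


# Constructed inventories: one that passes, one that only looks like a backup.
INVENTORY_OK = (
    BackupCopy("production SAN", "disk", offsite=False, airgapped=False),
    BackupCopy("nightly copy to NAS", "disk", offsite=False, airgapped=False),
    BackupCopy("weekly tape, vaulted off-site", "tape", offsite=True, airgapped=True),
)
INVENTORY_WEAK = (
    BackupCopy("production SAN", "disk", offsite=False, airgapped=False),
    BackupCopy("snapshot on the same SAN", "disk", offsite=False, airgapped=False),
)


def drill_overdue(last_drill_iso, today_iso, max_age_days=90):
    """True when the last full-restore drill is older than the allowed interval
    (90 days is an assumed policy value, not one from the post)."""
    last, today = date.fromisoformat(last_drill_iso), date.fromisoformat(today_iso)
    return (today - last).days > max_age_days


def build_manifest(root):
    """Map each relative file path under root to its SHA-256 hex digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def restore_drill(backup_dir, manifest, scratch):
    """Restore backup_dir into scratch and compare it with the manifest.
    Returns {'missing': [...], 'corrupt': [...]}; both empty means restorable."""
    shutil.copytree(backup_dir, scratch, dirs_exist_ok=True)
    restored = build_manifest(scratch)
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(f for f, h in manifest.items() if f in restored and restored[f] != h)
    return {"missing": missing, "corrupt": corrupt}


def run_demo():
    """Create constructed sample data, back it up, damage the backup the way a
    drill is meant to catch, and return the drill report."""
    with tempfile.TemporaryDirectory() as tmp:
        prod = Path(tmp) / "prod"
        (prod / "finance").mkdir(parents=True)
        (prod / "hr").mkdir()
        (prod / "finance" / "ledger.csv").write_text("2021-05-16,invoice,1200\n")
        (prod / "hr" / "payroll.txt").write_text("constructed sample payroll\n")
        (prod / "readme.txt").write_text("constructed sample data\n")

        manifest = build_manifest(prod)          # recorded at backup time
        backup = Path(tmp) / "backup"
        shutil.copytree(prod, backup)

        # Simulate damage: one backup file overwritten (as ransomware would),
        # one never made it onto the backup medium.
        (backup / "finance" / "ledger.csv").write_bytes(b"\x00ENCRYPTED\x00")
        (backup / "hr" / "payroll.txt").unlink()

        return restore_drill(backup, manifest, Path(tmp) / "scratch")


if __name__ == "__main__":
    print("policy gaps:", check_321(INVENTORY_WEAK))
    print("drill overdue:", drill_overdue("2021-01-01", "2021-05-16"))
    print("drill report:", run_demo())
```

The point of the manifest is that a backup job reporting "success" says nothing about whether the files can be restored intact; only restoring them somewhere and hashing the result does, which is why the drill, not the backup, is the measure of step 2.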

With these precautions in place, even if your data is ransomed, recovery becomes a matter of days (or even hours) rather than weeks and months, and costs drop in proportion—and, bonus, customer opinion doesn’t decline as steeply when the loss doesn’t irrevocably impact their data. If targets are prepared and nimble enough to take the loss, even if it is more expensive than the ransom, ransomware will become less lucrative, and will diminish as a viable method of attack.

Turn Ransomware into "Ransom? Where?"

StrongKey's "FIDO Wall" protects a company's most sensitive files from ransomware heists. A "FIDO Wall" can prevent ransomware attacks if you are willing to adapt your behavior when accessing your most sensitive files. Ransomware cannot provide the Test of User Presence (TUP) mandated in the FIDO protocol. See for yourself.

An enterprise Tellaro deployment with StrongKey "FIDO Wall" will be less than 25% of what Colonial Pipeline paid to get their files back—not to mention the untold losses they experienced.
