Atakama’s File Encryption Will Prevent Ransomware Exfiltration Threats
Ransomware attacks today look a lot different than in the recent past. They have expanded in magnitude, frequency, and severity. Past attacks were much smaller in scope and significantly less complex. Any security professional who is attempting to secure their organization based on the profile of past attacks will eventually encounter devastating results.
- Ransomware attacks have escalated in recent years, according to the 2020 Cyberthreat Defense Report.
- Attacks have evolved into file exfiltration, where the adversary steals files, which tend to be client files, and threatens to publish them online.
- Average ransom payments have increased 33 percent since the fourth quarter of 2019.
Ransomware has grown so sophisticated that Europol, the European Union’s law enforcement agency, last year called it “the most widespread and financially damaging form of cyber-attack.”
Let’s take a look at why ransomware attacks are escalating, what organizations and municipalities can learn from previous schemes, and how a comprehensive security strategy can reduce the exposure.
A 2020 study by global security firm Kaspersky surveyed employees' perception of ransomware and cited some of the possible reasons why attacks are still on the rise. The findings underscore the harsh reality that despite investments in comprehensive cyber protections and employee-based awareness campaigns, a significant percentage of workers remain unprepared to respond to intrusions.
As a result, there’s increased pressure on IT and security staff to deploy additional measures to mitigate risks to a company’s infrastructure and financials. Not doing enough to prevent a breach could contribute to an employee’s dismissal, most likely among those responsible for thwarting malicious acts.
According to the survey, 45 percent of respondents said they would not know how to respond to a ransomware attack; 37 percent were unable to define the term ransom; 40 percent of those who experienced a ransomware attack said they do not know the necessary steps to take in response to another attack; and 68 percent felt that a company's IT security teams are responsible for taking care of a cyberattack.
What’s more, warnings from security experts and government agencies often go unheeded, and even the most basic safeguards are being ignored. A troubling analysis produced by the Swiss government found common flaws among businesses recently subject to ransomware attacks, noting that: “IT security of the companies affected was often incomplete and the usual best practices were not fully observed.”
Clearly there are challenges organizations face. Contributing to the rise in ransomware plots are the myriad factors that hackers exploit. Among these:
- Regulatory restrictions on cloud storage
- Malware sophistication
- Human weaknesses
- Spam/phishing emails
- Lack of cybersecurity training
- Weak/centralized passwords and access management controls
Security experts are always managing risks as the threat landscape evolves. Identity and access management (IAM) plays a key role in a company’s security and productivity posture.
Employing comprehensive IAM is top of mind for any security professional. It helps CISOs and their teams manage user access, and enables the IT staff to work more efficiently. IAM also ensures compliance regulations are met, such as monitoring user activity, maintaining audit logs, and protecting customers and their private information.
As more companies grant staff the freedom to work remotely due to COVID-19, employees may be unwittingly exposing themselves—and their employer—to cyberattacks. As people increasingly use personal devices, one tiny error, such as clicking on the wrong email, provides hackers all they need to access your network. Of course, it doesn’t necessarily matter where a person is logging in to their company’s network, because hackers can take advantage of the aforementioned vulnerabilities and wreak havoc, regardless.
Too often, organizations are overly reliant on passwords and multi-factor authentication to defeat breaches. The inherent problem is that passwords can be obtained or cracked via brute-force attacks, credential stuffing, phishing schemes, and so on. With file-level encryption that is disconnected from IAM, even if someone is able to break into a network, individual files would largely be inaccessible.
At the same time that cyber threats have grown more elaborate and costly, hackers have become more unpredictable. They aren’t only directly targeting organizations and municipalities, but also third parties holding their sensitive data.
As destructive and unsettling as these schemes are, they do provide security experts with insights into different types of threats and the mechanisms facilitating them, and consequently, how to successfully safeguard against associated vulnerabilities.
The Worst of Them All: Maze Ransomware
- Attack Vector: Hackers exfiltrate companies' confidential data, usually consisting of client files, and threaten to publish the contents online.
- Target: Law firms and other professional services firms, large IT service providers, government institutions, nuclear contractors and many more.
- Notable Attack: A ransomware attack on IT services supplier Cognizant will cost the company between $50m and $70m over the next three months and it will incur further costs during the year as it works to address the full impact of the attack.
- The Takeaway: Maze Ransomware attacks are increasing at an alarming rate and are continuing to successfully exfiltrate and extort companies both large and small, publishing thousands of their confidential files. Companies that refuse to address the need for proper file encryption are increasingly at risk of becoming victims of this attack.
Atakama Is Your Solution Against Maze Ransomware
Our file encryption software uses AES-256 and a distributed encryption key management scheme to replace passwords. This alone can significantly minimize the risk of exposure from hackers.
Atakama goes beyond traditional encryption solutions. Where other encryption solutions bulk-decrypt the instant a user (or adversary) is authenticated, Atakama’s approach is to separate file encryption from user authentication. Without reliance on traditional authentication mechanisms (i.e., usernames and passwords), files always remain encrypted when at rest, even to an adversary who is able to gain access to the network. The only thing the adversary would be able to exfiltrate is encrypted files, and because those files are Atakama encrypted, they are rendered useless in the attack. By doing so, Atakama nullifies any attempt to ransom or otherwise extort company files.
Beyond the state-of-the-art encryption, our features are easy to use, compatible with a multitude of systems and devices, and enable users to protect files whether stored in the cloud or on a network, all without compromising existing user workflows.