Protecting Business-Critical Data is Imperative in Times of Ransomware
How You Can Fight Back and Make Attackers’ Lives Miserable
With organizations digitizing every aspect of their internal and external operations, and corporate perimeters disappearing, cybersecurity threats are escalating in magnitude and sophistication. Businesses face attacks against their IT networks that they are simply not prepared for. The recent cyberattack on the US energy infrastructure is the latest reminder of how dangerous cyberthreats can be. In this particular case, the major US fuel pipeline operator Colonial Pipeline had to shut down its network due to a ransomware attack.
Ransomware Today
Ransomware is a cyberattack that locks mission-critical data until a ransom is paid. Hackers typically demand that individuals or organizations pay significant amounts of money for a cryptographic key that unlocks the encrypted data, or threaten to release data that would damage the victim's reputation, as occurred in the case of the Washington DC Metropolitan Police Department.
According to a global study published by IT security firm Sophos in partnership with research house Vanson Bourne, based on a survey of 5,000 IT managers across 26 countries, 51% of organizations were hit by a ransomware attack in 2020. The 2021 Unit 42 Ransomware Threat Report reveals that the average ransom paid by victimized organizations reached $312,493 last year, a figure that does not include the cost of system downtime and recovery, nor the human toll. All this reinforces the fact that ransomware continues to be a very real and devastating threat for organizations, whether small or large.
How Do Hackers Hold Data Hostage?
In a ransomware attack, hackers encrypt the victim’s data, preventing that data from being accessed or used. This lock on the data may cause business-critical systems to lose access to information needed to operate a business, and this information may include sensitive data about customers. An extreme and very disturbing example is that of a person dying as a consequence of a ransomware attack, which reportedly happened in 2020. According to an article by ZDNet, the Düsseldorf University Hospital could not care for a patient because it was dealing with a ransomware attack, and the patient died after being rerouted to another hospital.
If a company’s initial response is not to pay, hackers will often increase the ransom and threaten to release the company’s business-critical and sensitive data to competitors or the world, with the intention of damaging its business and reputation. In these situations, paying the ransom, with or without using insurance, may be judged less damaging, so the company pays up.
Another problem is that over time, malicious hackers have gotten more sophisticated. Understanding the business they are attacking, and finding and encrypting the data that can harm businesses the most, has led to more devastating attacks like the one on the US energy infrastructure.
What Can You Do to Protect Your Most Valuable Data?
Businesses and government agencies have been scrambling to protect their most critical data — using AI, cryptography, firewalls, zero-trust approaches and extended detection and response, you name it — and are in a constant race to try to stay ahead of malicious cyberattackers.
With Sextant for TFS, a joint offering built by BTP and cybersecurity startup Taekion, we provide an effective way to preserve your business-critical information. Taekion created the Taekion File System (TFS) — in alignment with the NIST Cybersecurity Framework — to keep mission-critical business files away from attackers. With TFS, organizations can securely store entire files on the blockchain, alongside their immutable history. Before being stored, each file is validated through consensus, and encrypted with its own key, so if stolen, the file is unreadable, unless the thief is in possession of the private key.
TFS automatically creates multiple copies of a file in a distributed ledger network, within seconds of being saved, so there is no single point of attack, and a file cannot just be zipped up by ransomware and held hostage. A minimum of four entire copies of a file are immediately stored across a distributed network, and each copy can be in a different physical location, anywhere in the world. So essentially, for ransomware to work, the attacker would have to find and encrypt all copies. Additionally, asynchronous offline copies are available to provide protection in the very unlikely scenario that all copies get captured by ransomware.
All this may sound complicated to implement and use, but it isn’t. The BTP Sextant platform automates the deployment and management of both TFS and the underlying permissioned blockchain network. To learn more about how Sextant for TFS can protect your business-critical files, request a demo.
Special thanks to Taekion for the contribution to this post and to Monty Python for their prescient humor.
Further reading: Delivering 21st Century Information Security by the Global Blockchain Business Council.