News

Data Encryption and Ransomware

Written by Beauceron Security | Dec 6, 2021 12:38:14 PM

Author: Beauceron Security

What is Data Encryption?

Data encryption is a way to keep your data safe by changing it from plain text to ciphertext. Encrypted data can be accessed by someone who has an encryption key and decrypted data can be accessed with a decryption key. Unencrypted data remains a liability and cyber risk for organizations in the event that a ransomware gang steals their data and publishes it online.

There are two types of digital data that can encrypted: “transmitted digital data or in-flight data and stored digital data or data at rest.”

How Does it Work?

Encryption works to protect and guard your data from prying eyes. It verifies the origin of the user trying to access the information, checks that the original data has not been modified or changed and finally allows only legitimate and verified users access through their encryption or decryption keys.

Just as there are two types of digital data, there are also two types of encryption: asymmetrical and symmetrical. Asymmetrical encryption uses two different keys to encrypt and decrypt data while symmetrical encryption uses only one key to preform both functions.

Why is it Important?

Data encryption is an essential and important step in protecting your personal or organizational information from cyberattacks and cybercriminals. If data is encrypted using “a secure key management scheme,” then hackers won’t be able to decrypt the information and publish it online in exchange for a ransom. Hackers will still be able to encrypt your data, but because it has already been encrypted by you or your organization, the confidential data remains safe from hackers.

The most effective way to protect your data is to encrypt it while at rest. It’s recommended that you use an entity-level encryption algorithm which uses different keys for each user. For example, customers would have a different key than accounting or sales. This means that if one entity is compromised in a ransomware attack, the other users and their information remain safe.

Ransomware and Data Encryption

Ransomware groups profit from encrypting your data, and every time a ransom is paid it motivates them to do it again. As scary as this may sound, ransomware groups have now started encrypting data twice at the same time, a method which is referred to as “double encryption.” Separate ransomware gangs have attacked the same organization at the same time before, resulting in double encryption; but now a growing trend is a single ransomware group encrypting data twice at the same time.

Sometimes the individual or organization affected is notified that they have been attacked twice, other times they only find out once the first ransom is paid.

There are two ways that ransomware gangs typically implement double encryption. The first involves encrypting data with one algorithm and then encrypting it with a separate and unique algorithm again. The second method involves encrypting some files with one form of ransomware and others with another form. This second method is more dangerous as ransomware groups work diligently to create two separate and unique forms of ransomware that behave and look very similar so that response teams originally believe that the organization has only been hit with one ransomware attack.

Ransomware-as-a-service and Data Encryption

Ransomware gangs can also operate as ransomware-as-a-service entities where they create the ransomware strains that they then sell to other ransomware gangs to carry out attacks. This means that a cybercriminal doesn’t need to know how to create a ransomware strain, only how to implement it. This allows the author of the ransomware strain a guaranteed income as the buyers pay in advance of using the service, which makes this model especially appealing and low risk.

Steps to Protecting Your Data

  1. Identify what assets you have

  2. Encrypt your data

  3. Create an incidence response plan

  4. Always have a backup that is not connected to your network in the event of an attack

Did you find this blog helpful? Make sure to share it with your teams and colleagues to foster a positive and knowledgeable cybersecurity culture.

Read the original article here