Can ‘Data Backup’ save your face during a ransomware attack? Think again

by Ashish Nathani on September 1, 2020

“It’s a cat and mouse game” is the old adage you may hear regularly whenever someone speaks about cybersecurity. Unfortunately, a cat never demands a ransom to release its victim. As they say, a cat has nine lives, but the mouse only has one. The life of a cybersecurity professional is not very different from that of the mouse. They also have just one life and cannot afford to fail. To make matters worse, cybersecurity professionals must fight against an invisible enemy in the borderless digital world where the enemy is possibly operating from a different continent away from the local jurisdictions and has better expertise and resources at their behest.

Now let’s come to the topic of “Ransomware,” which almost rhymes with “Nightmare” and has been giving more sleepless nights than the COVID-19 to Cybersecurity Warriors. For the uninitiated, a ransomware attack locks your data (encrypts your files) on your systems and is followed by a ransom note from the attacker, demanding the payment usually in the form of “Cryptocurrency”. 98% of the ransom demanded as crypto is in form of “Bitcoins”. [1] Recent incidents at Cognizant, Garmin, and Canon are variants of the ransomware attack. The average cost of such attacks is around $700K. [2] It doubles when organizations agree to pay the ransom. Multiple surveys indicate more than 40% of organizations faced ransomware attacks in the last 12 months. The cost of ransomware is on the rise, and Cybersecurity Ventures estimates that the global costs will reach $20 billion by 2021. [3]

The standard modus operandi of attackers is to encrypt the data on the victim’s computer so that it becomes unusable and then demand a ransom. Now over the years, cybersecurity warriors have figured out ways and means to tackle this menace. Prominent among them is “Data Backup.” Data Backup ensures you can always restore the data from a copy and “Voila” the problem is solved. Unfortunately, hackers keep improvising, and now they do not just encrypt the data, but also steal it before encrypting it. In case the victim does not pay up, they threaten to leak the data on social media or the dark web. Data leakage is a significant threat for companies as their sensitive data, including confidential customer information, could reach the hands of non-state actors or competitors, causing huge reputation loss.

Ransomware incidents started increasing in late 2019 and became frequent in 2020. The most recent case is that of the University of Utah, which had to pay $457,059 to prevent hackers from leaking the data, even though they had successfully restored their data from backups. Exfiltrating the data before encrypting it started with the Maze ransomware group. Now multiple groups are emulating this practice (quick learners!!!). The ploy of data backups is not effective anymore and will not protect against the new form of ransomware attacks.

There are multiple solutions available that can address the problem to some extent. The majority of attacks are initiated through the browser, focusing on the security of it should be the highest priority. Among the ways to protect the web browser from ransomware attacks, remote browser isolation is gaining popularity as it is a preventative cybersecurity architecture where the web browser runs in an isolated environment from the local network and endpoints. When a user browses the Internet, the web objects are fetched and executed in isolation, not on the endpoint, thereby leaving all hacking and malware injection attempts ineffective. Unlike the secure web gateways, antivirus solutions, and firewalls which depend on known threat patterns or signatures, remote browser isolation is built using a Zero Trust-based model that does not distinguish between threats and streams harmless pixels to users’ screen. It protects you from ransomware, spearphishing, credential theft, and social engineering and saves you the pain of losing data to hackers and paying ransoms.