
Ransomware: Remove the data, remove the threat.

Written by Simon Ragona | Apr 30, 2021 3:08:00 PM

Ransomware has become a destructive nuisance that is plaguing organizations large and small. We have seen ransomware cripple businesses to the point of extinction and leave others forever altered by the resulting reputational damage. Each headline data breach related to ransomware overshadows the hundreds that don’t make mainstream news but are still impacting thousands of consumers every day. And each time we hear about one of these incidents, it seems to be far worse than the prior one. We also learn that many of the impacted organizations had previously implemented various best practices into their information security programs. Yet, it seems that ransomware continues to have the advantage. But why?

A growing trend in RansomOps has worsened the problem: these sophisticated adversaries use mature, well-crafted malware designed to attack in a very timely fashion and not only encrypt the data but actually steal a copy first – the popular double extortion method. If an adversary obtains a copy of the data before locking it with ransomware, they can further threaten a victim who has not paid the ransom. This is often the case for companies that believe they have recovered from a ransomware event by simply restoring their extorted data from backups. In addition, these cyber criminals are focused on specific verticals such as education and healthcare, which, due to the fast-paced nature of their businesses, are forced to pay ransoms that have hit 7-digit figures. Most companies in these two sectors have disparate (and often outdated) technology spread across multiple networks and simply have not overcome the challenge of fully protecting their environments and their assets.

The obvious goal of ransomware is to target an organization’s most valuable asset – its data – and extort the owners of that asset for monetary gain. This simply means that where data is present, ransomware has a target. Put aside the many layers of defense that many organizations are spending hundreds of thousands of dollars on each year: the game of ‘cat and mouse’ between attackers and the companies attempting to protect their assets will persist. Each layer of defense will have its weaknesses, and attackers will find ways to penetrate them in order to get access to the highly desirable assets – the data.

Companies are focused on protecting their assets using the well-known defense-in-depth method, often depicted using designs such as the pyramid, fan, or overlapping circles to show perimeter, network, endpoint, application, and data security all surrounding the core element – data. Sure, these things are vitally important, and all because of one key factor: their main intention is to protect the core assets of an organization. The paradox is that this is also the key reason ransomware continues to threaten nearly every company – the data is still present no matter how many layers surround it. If an adversary can bypass these layers and get access to the assets, they win.

Calamu Protect is a solution that does not fit into the traditional layered defense model. It goes beyond the final layer of data security, which focuses on access controls, DLP, encryption, and classification, and provides a new approach to data protection. Calamu Protect completely removes the data by fragmenting and scattering it to multiple storage locations consisting of cloud, on-prem, or a hybrid combination. The assets are completely removed and the presence of valuable data is eliminated – thereby removing the threat of ransomware. If ransomware strikes endpoints in a Calamu protected environment, there are no assets to steal and encrypt. Beyond the endpoints, the encrypted fragments are distributed in such a manner that no single storage location contains all of the fragments needed to rebuild the original files (nor the rotating encryption keys, which are dispersed in alternate locations). Not only does this provide the ultimate protection against ransomware but it also simplifies compliance obligations. In addition, the intelligence of the platform allows the fragments to automatically self-heal if a storage location suffers a catastrophic impact such as a ransomware attack or even a major outage.

Ransomware is going to exist for the foreseeable future, and continuing to implement layers of defense will help mitigate the threat. However, we must collectively evolve how we protect our data. By using Calamu Protect to remove data from the environment and store it in a way that makes each individual fragment valueless, we are also devaluing the benefits of a successful ransomware attack. This approach may someday be able to abolish the threat completely.