The Relationship Between Data and Ransomware

The Relationship Between Data and Ransomware

We've seen ransomware evolve over the years from basic encryption attacks to chained attacks that further incentivize the victim to pay up. Additionally, individual hackers group up and create business units and organizations to further attack victims. Now, the attacks have evolved even more into a triple threat, including:

Threat 1: A hacker encrypts critical business files and offers to sell decryption keys to gain access back to impacted files. Threat 2: Hackers find sensitive data in the network and exfiltrate the data. This attack is known as double extortion. Threat 3: Hackers are now using denial of service attacks following a ransomware attack to entice faster payments.

The takeaway from the above is that your data is highly desirable.

Because of this, many cybersecurity laws and regulations call for a clear understanding of data sensitivity and quantity. The first fines and penalties for the data security law 23NYCRR500 were high due to a lack of visibility and a clear understanding of the quantity of sensitive data in a hacked system. Data mapping first requires an inventory of information systems supporting the business. Then, the company must differentiate between types of data based on their criticality to the business. Data that requires a high degree of confidentiality, integrity, or availability will be most critical.

The last piece of this puzzle is the need to understand how much data is present. A company must also determine which systems house the most sensitive data. From here, companies can determine which systems are most critical to protect. Said another way, which system has the most risk and deserves the most attention?

Since ransomware has evolved, exfiltration tactics shine a bright spotlight on the significance of data. Hackers have figured out that stealing more sensitive data will lead to a higher likelihood of ransomware payout. Since the impacts of exfiltrated sensitive data are high, a business should know its potential liabilities. If a hacker wants your attention, they'll lock your files, steal them, and then bring down company infrastructure.

Performing a data mapping exercise can reduce the impact of a breach. Investigators can know where to prioritize time and analysis effort. Attacker artifacts will stand out more when the artifacts reference applications or systems where investigators know sensitive data is stored. Finally, knowing where this data lives can help a business reduce, minimize, and lower the number of impacted records.