If there’s one threat that keeps the average information technology (IT) security leader awake at night, it’s the threat of ransomware, which continues to plague businesses across the globe. One recent report predicts that by 2031, ransomware will cost the economy around $265 billion each year, with a new attack happening every two seconds.
Even after a ransom has been paid, it’s unlikely a company’s data will be retrieved in its entirety. One industry study noted that only 8% of ransomware victims were able to recover all of their data after paying a ransom, while nearly a third reported that they were unable to recover more than half of their data.
To make matters worse, ransomware operators have embraced an array of insidious tactics to extract payments from their victims, such as double (or even triple) extortion, in which an attacker not only encrypts the victim’s data but then threatens to publicly disclose sensitive data, including user personal identifiable information (PII) or other confidential intellectual property (IP) whose public release could cause reputational damage.
Responding to ransomware
In response to the evolving tactics of bad actors, security professionals are considering a range of cybersecurity strategies to combat ransomware as well. Perhaps the most common way in which companies protect themselves against ransomware is by ensuring that their most sensitive data is encrypted and regularly backed up. However, this strategy is fallible — many ransomware actors use techniques that make data retrieval complicated.
Security professionals can consider strategies other than encryption to protect company data in the event of a ransomware attack. Microsharding is a coordinated, three-step process that consists of shredding, mixing and distributing data across multiple storage repositories. It’s based loosely on the concepts of RAID 5 and traditional sharding — a process used to distribute a single dataset across multiple databases to increase a system’s total storage capacity.
Think of microsharding as putting a document through a shredder, taking the shredded pieces and sending them through a few more times, and then mailing each individual piece of confetti to numerous undisclosed locations. When data is shredded like this, the resulting microshards are too small — as small as just a few bytes per piece — to contain any sensitive data.
Microsharding goes a step further by mixing a company’s sensitive data with poison data; automatically scrubbing the files of identifying information such as file names, file extensions, and other metadata; and then distributing the tiny shards across multiple containers of the user’s choice in multi- and hybrid-cloud environments.
3 ways microsharding protects against ransomware
While there are many ways that microsharding can ensure the integrity of sensitive data in general, it has three features that are particularly well-suited to protecting against a ransomware attack:
- There’s no key to lose: One of the common misperceptions about data encryption is that once enterprise data is fully encrypted, it’s safe. Of course, if the credentials of the administrator who owns the decryption key are compromised or if the key is lost, then all bets are off. Moving to a new key or encryption algorithm also requires decrypting and re-encrypting all the data — often a costly and time-consuming exercise. Microsharding allows companies to avoid worrying about key management concerns, since the technology involves no concept of a key.
- There’s no sensitive data to exfiltrate: Once sensitive data has been microsharded, it is effectively desensitized. Since unauthorized users can only access an indecipherable fraction of a dataset, companies’ confidential material is protected against the data exfiltration aspect of ransomware in which attackers threaten to publish sensitive or confidential data.
- Real-time resilience: Microsharding technology can also help reconstruct affected data whenever it is encrypted by ransomware. This means that real-time ransomware repairs can begin automatically and in a way that is transparent to users. In addition to making data more resilient to bad actors, microsharding also makes data more resilient to outages, network issues, misconfigurations and other unanticipated disruptions.
As long as cybercriminals have the means and incentives to execute ransomware attacks, they will continue to do so. And as security professionals have seen these past few years, targeting sensitive data remains a powerful incentive. By desensitizing sensitive data using technologies like microsharding, businesses can significantly reduce the impact of cyberattacks while also disrupting the business model of these bad actors.