Can ransomware infect encrypted files?

The European Union Agency for Cybersecurity (ENISA) noted a 150% rise in ransomware attacks between 2020 and 2021, while a Cybersecurity Ventures report estimated that ransomware will cause $265 billion in annual economic losses by 2031.

Ransomware attacks can be devastating regardless of your industry. In its 2021 Internet Crime Report, the FBI recorded over $49 million in ransomware losses, up from $29 million in 2020. (The FBI noted that this figure does not include any third-party remediation services or lost business, time, wages, files, or equipment — nor do victims always report a loss amount — so its estimate is artificially low on several fronts.)

With the threat from ransomware growing so rapidly, it’s no surprise that organizations are searching far and wide for the right solutions. Encryption, a common security measure used for data protection and regulatory compliance, may sound like a solid option.

But is it a viable solution? Below, we’ll break down your options and explain some ways to help your organization neutralize the impact of cybercrime.

Does encryption prevent ransomware?

In a word, no. Ransomware can infect even encrypted files by adding its own layer of encryption on top of your organization's protective encryption.

Let's break it down further. There are a few common kinds of ransomware:

Crypto-ransomware, which encrypts valuable files to prevent the owner from accessing them.
Locker ransomware, which does not encrypt a computer’s files but rather locks a victim out of their device.
Scareware, which uses pop-ups to make false claims about frightening malware infecting a user's device and requests payment to solve the fictitious issue.

There are other types as well, but most ransomware works by encrypting files — and it can do so whether those files were originally encrypted by the owner or not.

The bright side? Encryption does help protect against double extortion ransomware, which occurs when ransomware attackers threaten to release sensitive or confidential information that they exfiltrated during their attack.

However, encryption is not a viable solution to prevent a ransomware attack in the first place, since it was not designed for that purpose. Businesses will require other solutions to keep their critical data safe against the rising threat of cybercrime.

How to contact the authorities if your organization is hit with ransomware

In the event of a ransomware attack, it’s important to report the event to the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC), the Internet Crime Complaint Center (IC3), and/or the US Secret Service. These organizations may be able to offer assistance in handling the attack.

Because up-to-date information is so critical for tracking down cybercriminals and preventing future attacks, reporting ransomware attacks is now required by law in some cases. With the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), 16 critical infrastructure industries in the US are now required to report any ransomware payments they make to the Cybersecurity and Infrastructure Security Agency.

How can companies mitigate the impact of ransomware?

Ransomware can cause significant financial damage beyond the extortion payment itself. According to one report, organizations paid an average of $1.4 million to recover from a ransomware attack. That includes response and restoration expenses, loss of devices, costly downtime, regulatory penalties, monitoring and investigation costs, lost business opportunities, damaged reputations, and even class action lawsuits.

Despite the severe ramifications of a cyberattack, businesses shouldn’t lose hope entirely. Below, we’ve gathered several expert recommendations for protecting your organization against the impact of ransomware.

Beware of human error

Although ransomware is becoming much more sophisticated, the majority of ransomware attacks are still effective for one key reason: human error.

A Sophos survey found that 9% of ransomware incidents in 2020 could be attributed to misconfigured public cloud instances , while another 45% were because of successful phishing attacks with malicious file downloads, email links, and email attachments.

These phishing attempts are often effective because they use increasingly tricky social engineering to impersonate a trusted colleague and trick users into downloading compromised attachments.

Anti-spam and anti-virus products are a solid first step. Comprehensive ransomware training is also a good idea for organizations with remote employees.

Consider cyber insurance

Businesses large and small are increasingly turning to cyber insurance policies to protect themselves against a range of cyberattacks. Cyber liability insurance, which may cover financial losses from cyberattacks and tech-related lawsuits alike, can offer payouts to cover ransoms, lost income from network outages, and even government fines.

Meanwhile, data breach insurance can help businesses respond more quickly in the event of loss or theft of personal identifiable information (PII). These policies may cover credit monitoring services for victims or PR services to handle the public fallout from a data breach — valuable services, given that the average cost of a US data breach in 2020 was nearly $4 million.

These kinds of insurance policies can be particularly useful for combating ransomware. According to the Institute for Security and Technology, ransomware attacks are the most commonly reported cyber insurance claim — and that number is only growing. Luckily, ransomware policies now cover everything from data restoration and incident response costs to interruptions in business continuity and the ransom payment itself.

Use the ShardSecure platform to mitigate ransomware

ShardSecure offers an innovative approach to file-level encryption that keeps data safe from exfiltration in double extortion ransomware attacks. By rendering data unintelligible to unauthorized users, we stop ransomware attackers from being able to exploit any data they manage to access.

However, the ShardSecure platform also offers protection that traditional encryption solutions do not. Our data integrity checks detect unauthorized modifications — including those cause by ransomware attacks — and our self-healing feature automatically reconstructs the affected data while sending an alert to the SOC. This means that real-time ransomware repairs can begin automatically, minimizing costly downtime.

Contact us today to learn more about how ShardSecure can help your organization mitigate ransomware attacks and maintain business continuity.