Fortifying the Digital Fortress: Insights on Ransomware, Exfiltration, and More

As the global security community gathers at Black Hat, the urgency of protecting business data has never been clearer. This year’s keynotes and training sessions highlight the rapidly evolving cyber landscape, from AI to zero-day exploits. Underpinning many of these sessions is a focus on keeping vulnerable data safe from attack.

At ShardSecure, we often write about the wide range of data security threats facing businesses of all sizes. This summer, we’ve been paying particular attention to ransomware attacks and data exfiltration. The number of active ransomware groups has more than doubled since last year, and 91% of disclosed attacks have involved data exfiltration. As organizations increasingly rely on digital infrastructure, the potential impact of these attacks is only growing.

Today, we’ll explore the double-sided threat of ransomware and data exfiltration, a topic that we expect will be raised in many conversations at Black Hat. We’ll also discuss new strategies and solutions for protecting data, wherever it resides.

Ransomware threats

Ransomware attacks have surged in recent years, targeting businesses of all sizes. The impact can be devastating, causing operational disruptions, financial losses, and reputational damage.

Some of the most worrying developments in ransomware have been the rise of organized ransomware gangs, the growth in RaaS (ransomware-as-a-service) offerings, and the targeting of critical infrastructure like power and water treatment plants.

To mitigate ransomware risks, businesses need to manage everything from regular software updates and employee training to implementing robust backup solutions and incident response plans. However, too many teams are stopping at detection and disaster recovery. While vital, these processes don’t actually prevent the operational disruptions and downtime that occur once an attack is underway.

We discuss how to bridge this gap in ransomware protection and take a more proactive approach with self-healing data in our recent blog post.

Data exfiltration threats

While ransomware attacks often cause immediate damage in the form of unavailable data and operational disruptions, data exfiltration can occur silently over extended periods. Sensitive information — including IP, R&D, financial data, customer records, and other critical material — can sometimes be exfiltrated without the company even knowing there’s been a breach.

Combating data exfiltration — including incidents that arise as part of double extortion ransomware attacks — is a challenge. Security teams need to employ a combination of role-based access controls (RBAC), real-time detection tools, zero trust architecture, endpoint encryption technologies, and/or data loss protection tools.

One solution is to desensitize data wherever it’s stored. As remote work and BYOD has risen, securing every endpoint becomes an ever-moving goalpost. ShardSecure takes a different approach by rendering sensitive data unintelligible to attackers where it resides. Whether an organization’s critical data is stored on-prem or in the cloud, the result is that unauthorized access and data exfiltration become much less serious events.

A quick note on quantum computing

Another cyber threat looming on the horizon is the advancement of quantum computing and cryptographic breakthroughs. In the wrong hands, quantum computing will be able to break asymmetric-key encryption algorithms like RSA and weaken symmetric-key algorithms.

In anticipation of this advancement, attackers are investing in “harvest now, decrypt later” (HNDL) strategies. That is, they’re collecting encrypted data with the intent to decrypt it once their computing power increases.

HNDL poses a particular threat for data stored at rest, especially in industries with long retention periods (e.g. patient files in healthcare, financial information in banking, contracts in legal services). If this sensitive data is harvested today, adversaries will eventually be able to decrypt it, leading to long-term privacy and security consequences.

ShardSecure Field CTO Julian Weinberger recently co-hosted a webinar with Utimaco, “Fortifying Against Quantum Threats,” that explored this issue in detail. To learn more, check out our solution brief on “harvest now, decrypt later” threats or watch the webinar.

Robust data protection with ShardSecure and Utimaco

The ShardSecure platform delivers advanced data privacy, security, and resilience to help companies secure their data wherever it resides — on-premises, in the cloud, or in hybrid- and multi-cloud architectures. Our innovative technology provides agentless file-level protection, ransomware risk mitigation, self-healing, protection for AI/ML datasets, support for regulatory compliance, and more.

To combat ransomware, ShardSecure offers transparent, real-time reconstruction of data that begins automatically when data fails a data integrity check. This minimizes downtime and prevents disruption to users and data flows.

The ShardSecure platform also mitigates the impact of data exfiltration and double extortion ransomware, where criminals threaten to release or sell sensitive data that they have exfiltrated. Since the ShardSecure platform renders data unintelligible to unauthorized users, any exfiltrated data will be worthless to attackers.

In May, we announced our partnership with Utimaco, a leading global provider of IT security solutions. The integration combines ShardSecure’s data protection and ransomware mitigation benefits with the secure key generation, management, and storage of the tamperproof Utimaco HSM (Hardware Security Module). 

The partnership ensures that unstructured data is well protected against outages, attacks, and other forms of data compromise — and it provides a path forward to prepare for quantum computing. ShardSecure’s protection of unstructured data also complements Utimaco’s protection of structured data, creating a robust holistic solution to address a wide range of customer needs. To learn more, take a look at our Utimaco solution brief.

Come see us at Black Hat

We’re looking forward to some great conversations over the coming week, and we hope to chat with you. ShardSecure will be at Utimaco booth #2827 from 10 a.m. to 6 p.m. on Wednesday, August 7, and from 10 a.m. to 4 p.m. on Thursday, August 8. We’ll also be doing a partner demo to show how the ShardSecure integration leverages Utimaco u.trust General Purpose HSMs to provide extremely secure at-rest encryption.

For more information about ShardSecure, schedule a demo or check out our resources page.

About Utimaco

Utimaco is a global platform provider of trusted Cybersecurity and Compliance solutions and services with headquarters in Aachen (Germany) and Campbell, CA (USA). Utimaco develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions for regulated critical infrastructures and Public Warning Systems. Utimaco is one of the world's leading manufacturers in its key market segments. 

500+ employees around the globe create innovative solutions and services to protect data, identities and communication networks with responsibility for global customers and citizens. Customers and partners in many different industries value the reliability and long-term investment security of Utimaco’s high-security products and solutions. Find out more on www.utimaco.com.