Ransomware is a vicious type of malware that cybercriminals use to block access to your entire system or specific sensitive files/databases, until a ransom is paid. While a ransomware attack usually doesn’t result in a data breach, cyber criminals have been moving toward taking a copy of the data before triggering the encryption, and then threaten to expose the data to pressure the victims into paying up.
CipherTrust Transparent Encryption, one of the widely deployed data protection solutions within the CipherTrust Data Security Platform, which provides data-at-rest encryption, fine-grained access control and application whitelisting capabilities to prevent ransomware attacks.
CIPHERTRUST TRANSPARENT ENCRYPTION SOLUTIONS FOR RANSOMWARE ATTACK MITIGATION
CipherTrust Transparent Encryption provides application whitelisting capabilities using fine-grained access control policies that enable organizations to block any rogue binaries from encrypting files/databases, even if the intruder has execute permissions for that binary and read/write permission to the target file that contains business critical data.
- Application Whitelisting identifies “trusted applications” – binaries which are approved to perform encryption/decryption of business critical files. It also needs to provide a way to check the integrity of these applications with signatures to prevent polymorphic malware from getting into approved binaries.
- Fine-grain Access Control to your agency’s critical data, which defines who (user/group) has access to specific protected files/folders and what operations (encrypt/decrypt/read/write/directory list/execute) they can perform. Some malware depends on escalating privileges to gain great system access. Appropriate access control solutions can bar privileged users from examining and even accessing resources.
- Data-at-rest Encryption protects data wherever it resides in on-premises data centers or in public/private clouds. This makes the data worthless to intruders when they steal critical or sensitive data, and threaten to publish it if the ransom is not paid. In addition, some ransomware selectively encrypts files so that it doesn’t take systems entirely offline. Others look for sensitive data and only encrypts those files. In these cases, encrypted files aren’t possible to scan by the malware and, therefore, are not attacked.
- Transparent data protection: CipherTrust Transparent Encryption continuously enforces file-level encryption that protects against unauthorized access by users and processes and creates detailed data access audit logs of all activities without requiring changes to applications, infrastructure, systems management tasks, or practices.
- Seamless and easy to deploy: CipherTrust Transparent Encryption agents are deployed on servers at the file system or volume-level and support both local disks as well as cloud storage environments, such as Amazon S3 and Azure Files.
- Comprehensive security intelligence: It identifies and stops threats faster with detailed data access audit logs that not only satisfy compliance requirements, but also enable data security analytics.
WHITE PAPER: PREVENT RANSOMWARE ATTACKS FROM DISRUPTING YOUR AGENCY WITH THE CIPHERTRUST PLATFORM
This white paper helps you understand the anatomy of ransomware attacks and explores the solutions available in the market today to defend against such attacks. It illustrates how security policies in CipherTrust Transparent Encryption from Thales enable you to prevent rogue processes and unauthorized users from encrypting your most sensitive data and thereby protects you from ransomware attacks.