Can Data Tokenization Help Mitigate Ransomware?

by PCI Booking – July 7, 2021

Ransomware, the scourge of industry, is rapidly becoming the darling of the fraudster at the expense of organizations the world over. Recent high-profile cases suggest that ransomware fraudsters are experiencing continued success in their aim to extort money. A successful criminal act breeds more of the same. For years now, the security industry has sent out advisories and developed technological solutions to help prevent or mitigate ransomware attacks. However, ransomware attacks continue unabated. Another way to mitigate these damaging cyber-attacks is to use data tokenization. This post will look at the damage that ransomware leaves in its wake and how the tokenization of sensitive data can help prevent disaster.

Why ransomware is so bad

Ransomware is not a new concept, but this cyber-attack type has continually evolved to a point where the malicious packages and models behind ransomware are highly sophisticated. The focus is on leveraging techniques to extract money from the target – whatever that takes. A few years ago, ransomware placed a pin in the cyber-attack map when the WannaCry ransomware attack impacted organizations the world over. Since then, hacking gangs have seen the advantages of this most malicious of malware with the effect that ransomware has been elevated to cybersecurity exploit of the century because of certain elements:

  1. Ransomware works because it hits organizations where it hurts – their data: in a world where most companies are now heavily reliant on digital data, removing access to these data, or holding data to ransom, effectively shuts down a business. Cybercriminals are now increasingly stealing data, not just encrypting it, and then threatening to expose the sensitive data to force the payment of the ransom.
  2. Ransomware pays: a study from Kaspersky found that around half of victims pay the ransom but only one-quarter have their data returned.
  3. Ransomware infects easily but is hard to detect: all it takes to infect a business is for an employee to inadvertently click on a suspicious email. Security systems and the experts that manage them, on the other hand, have many different avenues of attack to protect against.
  4. Ransomware is increasingly dual-action: ransomware such as CLOP has a double sting in its tail. Not only does it encrypt data to make it inaccessible, but it also steals data, which is then used for further fraud or to put pressure on the business to pay a ransom.
  5. Ransomware is easy to use: franchises based on an ‘as-a-service’ model make ransomware more accessible. Now anyone with a criminal mind can potentially make use of the malicious software for a monthly fee and a cut of the takings. Ransomware-as-a-Service (RaaS) has created opportunities galore for cybercrime wannabes to make fast cash.

Once infected, companies are not only held to ransom, losing sensitive data that is at risk of being made publicly available, but are also hit by the costs of downtime caused by the malware. A report from Datto found that downtime costs in 2020 due to ransomware were 486% higher than in 2018.

How data tokenization can help mitigate against ransomware disaster

High-profile ransomware attacks such as those impacting the Colonial Pipeline company and JBS, a meatpacking company, are attributed to the hacking gang REvil. Both companies were threatened with the exposure of stolen data. In the case of Colonial Pipeline this was almost 100 gigabytes of data, with REvil threatening to leak it onto a website dedicated to exposing stolen data.

Hacking gangs are organized and skilled and are actively targeting companies across all sectors. Many hacking gangs, such as GandCrab, also make their ransomware available via a RaaS model. Both Colonial Pipeline and JBS paid millions in bitcoin to the attackers. Even large organizations like these, which can afford to employ dedicated security teams staffed with skilled personnel, struggle to prevent ransomware attacks. Although typical countermeasures are in place, such as security patches, backup systems, and anti-phishing tools, ransomware still seems to find its way into IT systems. Mitigation is a key strategy in dealing with such tricky malware that targets data.

Data tokenization is a novel ransomware mitigation strategy that can be added to the arsenal of tactics needed to counter modern ransomware threats.

What is data tokenization and how can it mitigate ransomware?

Ransomware criminals encrypt data and demand the payment of a fee, in many cases in bitcoin, to receive a decryption token. They are also increasingly stealing data before encryption, helped by evasion tactics, then using these data to enforce a ransom payment and to commit further fraud. What better way to counter these cyber-attackers than to play them at their own game and make the data useless to them?

Tokenization is a data-centric security measure where sensitive data is replaced with a software token represented by unique symbols. The great thing about tokenization is that the systems that need to use these data still can, but nefarious actors cannot. Tokenization effectively removes that data from exploitation via ransomware and protects it from being used to pressurize an organization into paying a ransom. As more cybercriminals are using the technique of a double sting to force payment of a ransom, making sensitive data useless as a bargaining tool will make the life of the ransomware criminal that bit harder.
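
The following Python example is added here and is not PCI Booking's code or API. It models one common way to implement the idea above, a token vault kept apart from the application database, and checks what a copy of that database would reveal. TokenVault, store_record, leaked_values, the field names, the caller names and the guest records are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SENSITIVE_FIELDS = ("email", "passport_no")  # constructed field names

class TokenVault:  # toy stand-in for a separately hosted token service (assumption)
    def __init__(self, authorized_callers):
        self._index_key = secrets.token_bytes(32)  # keys the value -> token lookup
        self._by_token = {}   # token -> real value, held only inside the vault
        self._by_digest = {}  # HMAC(value) -> token, so repeats reuse one token
        self._authorized = set(authorized_callers)

    def tokenize(self, value):
        digest = hmac.new(self._index_key, value.encode(), hashlib.sha256).digest()
        if digest not in self._by_digest:
            token = "tok_" + secrets.token_urlsafe(16)  # random: reveals nothing
            self._by_digest[digest] = token
            self._by_token[token] = value
        return self._by_digest[digest]

    def detokenize(self, token, caller):
        if caller not in self._authorized:
            raise PermissionError(f"{caller} may not detokenize")
        return self._by_token[token]

def store_record(vault, app_db, record):
    """Swap sensitive fields for tokens before the row reaches the app database."""
    row = {k: vault.tokenize(v) if k in SENSITIVE_FIELDS else v
           for k, v in record.items()}
    app_db.append(row)
    return row

def leaked_values(app_db, originals):
    """Real sensitive values visible to anyone holding a copy of app_db."""
    dump = repr(app_db)
    return [v for r in originals for k, v in r.items()
            if k in SENSITIVE_FIELDS and v in dump]

GUESTS = [  # constructed sample records
    {"id": 1, "email": "ana@example.com", "passport_no": "X1234567", "nights": 3},
    {"id": 2, "email": "ana@example.com", "passport_no": "Y7654321", "nights": 1},
]

if __name__ == "__main__":
    vault, app_db = TokenVault({"billing-service"}), []
    for guest in GUESTS:
        store_record(vault, app_db, guest)
    print(app_db, "leaked:", leaked_values(app_db, GUESTS))
```

The vault holds the real values, so the protection depends on it being hosted and access-controlled separately from the systems that store the tokens. Tokenization addresses the data-theft side of an attack; recovering systems that have been encrypted still relies on measures such as backups.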

Interested in Data Tokenization?

PCI Booking’s Data Tokenization uses the technology developed to keep payment information secure and adapts it for use across all data files. Ransomware attacks demonstrate the havoc that losing access to your customers’ data, even if it’s not payment information, can wreak.