How to Reduce the Risk of Ransomware with Zero Trust

Reducing the risk of ransomware with the zero trust platform of FileFlex Enterprise is important and relevant in today’s cybersecurity environment.  Ransomware is a rapidly growing and popular form of cyberattack because it works.  It can cost organizations millions of dollars, and it can take hundreds of hours to rebuild devices and restore data affected by an attack.

How to Reduce the Risk of Ransomware with the Zero Trust Platform of FileFlex Enterprise

“Ransomware …ultimately requires access to files and file repositories if it is to be effective. As such, ransomware is a data access issue.”

“As ransomware continues to wreak havoc on organizations, security and risk management leaders must take a data-centric view of this data-focused threat.”

Gartner, “How to Use Data Access Governance Solutions to Thwart Ransomware”, Sept 14, 2021

As a cyber-security firm, one of the questions we hear most often is how the risk associated with ransomware attacks can be mitigated.

Ransomware is one of the most devastating and yet one of the simplest forms of cyber-attack observed today. The majority of ransomware attacks start with the compromise of a user or an externally facing asset. The preferred mechanism is to compromise the user, which should come as no surprise because users (employees, contractors or simply people) are far more numerous than externally vulnerable systems.

If a business has 50 employees, then a threat actor has 50 possible points of entry. Hence, it should be clear that if the risk associated with user compromise is reduced or mitigated, so is the risk of a ransomware attack from that specific vector. Read on to discover how FileFlex helps your organization manage these risks and introduces a new paradigm for managing unstructured data.

FileFlex Enterprise is a system that changes user behavior by making file access and sharing simpler so that deployment and adoption are rapid. As Einstein said, the definition of insanity is doing the same thing and expecting different results. With FileFlex, your organization will change a key function for the better while reducing the risk associated with ransomware.

Early detection and response are the keys to reducing the impact of cyber-attacks. Hence, it is critical that ransomware attacks are mitigated early on as ransomware can cost organizations millions of dollars and it can require hundreds of hours to rebuild devices and restore data that have been affected by an attack.

Fortify your network from cyber security threats by using FileFlex Enterprise for a complete ZTDA (Zero Trust Data Access) solution that solves the equation on how to best securely manage a company’s unstructured data and protect that data from cyber threats such as ransomware attacks.

As previously noted, organizations fall victim to ransomware infections via several different methods or attack vectors.  The top attack vectors are spear-phishing, compromised credentials, supply-chain vulnerabilities, and man-in-the-middle vulnerabilities. This blog will discuss how FileFlex Enterprise reduces your risk and vulnerability to these top methods of attack with additional security protocols and features for an organization’s devices, users and groups.

How FileFlex Enterprise Reduces the Risk of Ransomware

FileFlex Enterprise uses a zero trust approach to reduce the risk of ransomware.  This focuses security on every user, device and connection – every time, for zero-trust data access to any storage repository integrated into the system, whether on-prem or in the cloud.  We use tools such as user identification, role-based access control, protection of credentials, micro-segmentation, and policy enforcement on every action. The secured communications, anonymous tokens, proxy-based request management, detailed activity logs and more align with many of today’s security compliance standards.  Below we will show you how we reduce risks from specific attack vectors using these tools.

Vector of Attack: Spear-Phishing – The Embedding of Malware in Spoofed email Links and Attachments Targeting Your Organization

Spear-phishing is by far the primary method of delivering malware into an organization, accounting for 69% of the infiltration that delivers ransomware. A spear-phishing attack attaches a file to an email from a spoofed trusted source, or embeds malware in a file downloaded from a trusted source’s file-sharing service link.  These two methods of file sharing are used as a spear-phishing attack vector to plant malware in your organization.  An example of extremely dangerous and common ransomware that uses Word documents with embedded malware is Conti.

Defense Against Spear-Phishing Email Spoofing – User Authentication

FileFlex Enterprise can reduce the risk of ransomware delivered by spoofing a trusted source’s email address, as used in spear-phishing, through user authentication and the monitoring and logging of all system activities. When files are shared or accessed via FileFlex Enterprise, all users are first authenticated and verified. Using FileFlex for sending and receiving files and putting all access through user authentication can greatly reduce exposure to possible spoofing and reduce the risk of ransomware.

Defense Against Spear-Phishing Email Spoofing – Use of Virtual Data Rooms

Sometimes the spear-phishing email will spoof the email address of an outside third party to send you a malicious attachment or link.  FileFlex allows users to create virtual data rooms.  A virtual data room is a folder to which a third party can upload files.  When the third party is required to upload a file to a virtual data room, they also go through FileFlex user authentication.  Receiving files via a virtual data room can reduce reliance on email attachments and reduce the risk of ransomware. This folder can exist on any repository of the organization’s choosing. FileFlex Enterprise then provides this folder with cloud-like functionality, managing who has access and controlling user and group permissions for viewing, uploading, editing or downloading its contents, right down to the individual user.

Defense Against Spear-Phishing Email Spoofing – Reduced Use of Attachments and Download Links

Using FileFlex for sending and receiving files can reduce the risk of ransomware by reducing the use of attachments or links sent via email, thus greatly reducing exposure to ransomware that is spread via email attachments.  All file and folder access, sharing, downloading, uploading, viewing, moves and changes are facilitated through FileFlex with no need for email.

Defense Against Lateral Movement – Micro-segmentation

The zero trust architecture of FileFlex Enterprise never provides users direct access to resources.  All access is via a connector agent that acts as a proxy for the user.  Access is only allowed by role-based policy enforcement.  Users only have visibility to the storage infrastructure as allowed by IT.  They have no direct access and the entire infrastructure is dark to the user.  Share recipients only have access to the files and folders that are shared with them, again using this proxied approach.  The locations are abstracted from recipients.  The entire zero trust architecture can reduce the risk of ransomware as it reduces the implied trust zone to small and limited collections of files and folders.  That trust zone can be as small as a single file.
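
An added illustration of the proxied, deny-by-default access described above. It is not FileFlex code: the Broker class, share IDs, role names and storage paths are all hypothetical, chosen to show a trust zone scoped to one folder or one file, with the real location hidden behind an opaque share ID.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

# Hypothetical role policy: role -> actions it may perform.
ROLE_ACTIONS = {
    "viewer": {"view"},
    "editor": {"view", "download", "upload", "edit"},
}

@dataclass(frozen=True)
class Grant:
    root: str                  # real storage location, never shown to the user
    role: str
    single_file: bool = False  # trust zone can be as small as one file

class Broker:
    """Stands in for the proxy: users name a share ID, never a real path."""
    def __init__(self):
        self._grants = {}      # (user, share_id) -> Grant
        self.audit = []        # every decision is logged, allow or deny

    def grant(self, user, share_id, root, role, single_file=False):
        self._grants[(user, share_id)] = Grant(root, role, single_file)

    def authorize(self, user, share_id, action, rel_path=""):
        """Return the real path the proxy may touch, or None (deny)."""
        g = self._grants.get((user, share_id))
        target = None
        if g and action in ROLE_ACTIONS.get(g.role, set()):
            target = self._resolve(g, rel_path)
        self.audit.append((user, share_id, action, rel_path,
                           "allow" if target else "deny"))
        return target

    @staticmethod
    def _resolve(g, rel_path):
        if g.single_file:      # nothing beside the shared file is reachable
            return g.root if rel_path in ("", ".") else None
        parts = PurePosixPath(rel_path).parts
        if rel_path.startswith("/") or ".." in parts:
            return None        # refuse any attempt to leave the trust zone
        return str(PurePosixPath(g.root, *parts))

if __name__ == "__main__":
    b = Broker()               # constructed sample grants and requests
    b.grant("alice", "s1", "/srv/finance/q3", "editor")
    b.grant("bob", "s2", "/srv/finance/q3/report.xlsx", "viewer", single_file=True)
    print(b.authorize("alice", "s1", "edit", "notes/a.txt"))
    print(b.authorize("alice", "s1", "view", "../hr/salaries.csv"))
    print(b.authorize("bob", "s2", "download"))
```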

Vector of Attack:  Stolen Credentials

Unauthorized access is a vector of attack in which an adversary uses the credentials of one of your users to get access to your files.  Since most people use the same username and password across many internet services, one of the most popular methods is to breach an unrelated, poorly defended party and use the credentials obtained there against more hardened services.  FileFlex has many mechanisms to protect against unauthorized access, such as two-factor authentication, device authentication, single sign-on, permission management, password management, share expiry and session timeout.

Defense Against Stolen Credentials – Two-factor, U2F and Device Authentication

FileFlex Enterprise offers strong two-factor authentication and easy-to-use U2F device support, which uses public-key cryptography to protect against stolen credentials. Device authentication ensures that only authorized devices can use FileFlex Enterprise. When used with login credentials, this can serve as an unobtrusive form of multi-factor authentication. The risk of ransomware from stolen credentials is reduced because credentials are only accepted when sent in conjunction with a second authentication factor, a U2F device, or from an authenticated device.

Defense Against Stolen Credentials – Single Sign-On (SSO) (SAML)

FileFlex can reduce the risk of ransomware obtained via stolen credentials through its support of Single Sign-On (SSO) providers and the SAML (Security Assertion Markup Language) open standard, as well as custom versions from the following providers: OneLogin, Google Authenticator, Microsoft Authenticator, Microsoft Azure, HelloID, MiniOrange, Okta, TraitWare, Ping Federate and ForgeRock. This paves the way to biometric authentication, as certain SAML providers offer this as a prerequisite.

Defense Against Stolen Credentials – Use of Anonymous Tokens

To protect user and device credentials, FileFlex Enterprise exchanges anonymous secure tokens instead of the credentials themselves. Each request between the client, the server and the connector agent is made by a secure anonymous token exchange. FileFlex changes the encryption key every session; tokens are valid only for the session, and a new token is generated for each session and each request. The use of tokens protects user and device credentials and reduces the risk of ransomware, since credentials are not stored on the FileFlex Enterprise server, with the service provider or with Qnext.

Vector of Attack:  Supply-Chain Vulnerability

A study by Ponemon showed that 59% of organizations were affected by cyberattacks through third parties.  It shows that security holes including the ones in your supply chain need to be addressed.  That is why the US Department of Defense is moving all of its suppliers to obtain Cybersecurity Maturity Model Certification (CMMC) and the US Federal Government is using the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) to better defend the vast attack surface of their supply chains with recommended security requirements for their agreements with contractors.  A compromised vendor can be used against you to send you malware through a link, attachment or portal to gain network access.

FileFlex Enterprise has several mechanisms to protect you from receiving malware from your supply chain.  The first is our ability for distributed administration.  The multi-tenant capability of FileFlex can allow your supply chain partners to use FileFlex under your umbrella but via their administration.  Common files can be shared and accessed securely via FileFlex to reduce the risk of ransomware.  The second is the ability we give administrators to create guest accounts with restricted visitor permission controlled by their own IT.

Vector of Attack:  Man-in-the-middle, Snooping and Intercept

Man-in-the-middle, snooping and intercept is a vector of attack that is like eavesdropping. When data is sent between a computer and a server, without your knowledge an adversary can get in between, spy, and get access to your confidential files when they are in a state of transmission.

FileFlex secures all communications and encrypts all traffic via several secure processes such as user authentication (explained above), secure data transmission, role-based access and permission management.

Defense Against Man-in-the-Middle – Secure Communications via Use of Encryption and Included PKI Server 

FileFlex Enterprise protects against man-in-the-middle, intercept and snooping using 2 levels of encryption.  1) All communications are sent through AES 256 encrypted tunnels, and 2) the optional PKI server (at no additional cost) can encrypt the data stream itself from sender to receiver, creating an encrypted point-to-point communication.   The included PKI server generates the encryption keys outside of system memory, so even if the sender’s or receiver’s computer is compromised, the malicious actor cannot access the encryption keys. Protecting against man-in-the-middle prevents a cyber-criminal from intercepting communications and reduces its use as a method of gaining network access to plant malware and ransomware.

Defense Against Man-in-the-Middle – Processes to Secure Information Access – Use of Anonymous Tokens and Connector Agents

FileFlex Enterprise protects against direct access to the organization’s infrastructure through the use of anonymous tokens and connector agents.  All requests for access to files and folders are made via anonymous tokens to the FileFlex Enterprise server, which then makes requests to the connector agent. The connector agent fulfills the request, encrypts the response and sends it back to the server, which then sends it back to the user.  This process, which abstracts the data from the infrastructure, does not let anyone have direct access to the corporate infrastructure. In essence, the FileFlex process provides access to the data without providing access to the corporate infrastructure.  By using the connector agent as a proxy, FileFlex Enterprise protects against direct access and unauthorized access to the information.

Unlike competitive solutions, FileFlex Enterprise thus gives access to information without providing access to the infrastructure. Competitive solutions either replicate information to another server to which they have access (EFSS) or they give access to the infrastructure (like a VPN or remote desktop software). FileFlex abstracts the infrastructure from the information. This protects against direct access and unauthorized access to the organization’s infrastructure to reduce the risk of ransomware.

Defense Against Man-in-the-Middle – Request Management

When the secure data channel is established via the token exchange, it can only be established outbound, and only to the FileFlex Enterprise server whose address the connector knows. All inbound requests are refused and data can only be sent to one pre-determined address – that of the FileFlex Enterprise server. This protects against direct access to the storage infrastructure via man-in-the-middle and so also reduces the risk of ransomware.

How to Reduce the Risk of Ransomware with FileFlex Enterprise – Summary 

FileFlex Enterprise uses a zero trust architecture and various security features that reduce the risk of ransomware from spear-phishing, compromised credentials, zero-day vulnerabilities, supply-chain vulnerabilities, and man-in-the-middle vulnerabilities.  It uses the inherent security advantages of the zero trust approach, which focuses security not on perimeter-based defenses but on users, devices and connections for remote access. Combined with user identification, protection of credentials, micro-segmentation, role-based access based on policy enforcement for every action, secured communications, anonymous tokens, proxy-based request management and IT-controlled administration, this makes it a must-have platform in your battle against ransomware.

To learn more, read Ransomware + Unstructured Data = Double Trouble or ZTNA, ZTAA and ZTDA – A Deep Dive.

Tom Ward is the VP of Marketing for Qnext Corp. He is an expert in the technology industry with a history of achievement. Tom holds an MBA from the Schulich School of Business at York University.