The Power of Fully Homomorphic Encryption in the Fight Against Ransomware

Ransomware is one of the most widespread and damaging cyber threats facing institutions today.  Prominently featured in most top 10 lists of significant threats, ransomware incidents have seen significant growth in 2023. Factors contributing to this rise include the ease of access to ransomware tools, over-stressed and under-resourced security teams, and a high return on investment for attackers.

Historically, ransomware focused “merely” on encrypting data, extorting money from victims in return for decryption keys that supposedly allow them to recover their information. Often, this comes with a threat of permanently destroying the key if payment is not made within a certain time. Other times, the decryption keys do not work or never existed, resulting in permanent loss of information. This lost data ranges from precious family photos to business-critical assets.  Alongside good cybersecurity hygiene and employee awareness, safe backups are one of the best ways to prevent data loss from such ransomware.

In recent years, ransomware actors have expanded their techniques to include double, triple, and quadruple extortion.

Double Extortion

In double extortion, information is not only encrypted; cybercriminals first steal sensitive files and threaten to publish them if not paid. Furthermore, groups like Snatch embarrass victim companies by acknowledging and sarcastically "thanking" employees who inadvertently granted network access by clicking on malicious links or opening malware attachments. 

Triple Extortion

Triple extortion introduces the element of using stolen data to call out and embarrass third parties, such as customers, suppliers, employees, or other stakeholders. For example, a criminal may threaten to leak private medical or HR files, potentially violating the privacy of a patient or employee, or to publish secret weapons research data with national security implications.

Quadruple Extortion

Quadruple extortion involves using stolen data to actively attack third parties, their networks and data. Attackers might use stolen API documentation and third-party risk management questionnaires, among other confidential materials, to gain entrance into their systems and continue the chain of ransomware attacks.

In an additional novel twist, in November 2023, the ALPHV/BlackCat gang filed a complaint with a US financial regulator over a victim’s failure to report a data breach. This well-publicized incident illustrates the evolving nature of ransomware threats, opening up the possibility of ever more diverse, frustrating and expensive problems for victims who do not pay. While it is unlikely that a regulator would punish a firm that has suffered exposure of medical, financial, military, or other sensitive data if it can prove adherence to good cybersecurity practices, managing the legal and public relations fallout from such a leak is an unnecessary complication for any company.

Fully homomorphic encryption (FHE) can protect against ransomware in two main ways:

1. Against classic ransomware: By encrypting data at rest and in use, and even during processing, FHE makes it impossible for cybercriminals to identify information of particular value that they can threaten to lock away or destroy.
2. Against double/triple/quadruple extortion: Encrypted data cannot be leaked, nor can it be misused to attack or otherwise disadvantage third parties. This means that victims do not suffer negative consequences from a data leak when there is no data to leak.

In conclusion, being able to work with valuable, sensitive information without exposing it to malware, either at rest, in transit, and even during processing, is akin to owning a very good safe. Even if bad actors can steal the safe, they cannot access the valuable contents inside, thus protecting you from blackmail. Fully Homomorphic Encryption stands as a crucial technological advancement in the industry and the fight against the evolving threat of ransomware. 

Vaultree has made major breakthroughs in Fully Homomorphic Encryption, setting a new global industry benchmark. With Vaultree’s technology, you can now process billions of encrypted records in real-time and at scale, with no hardware acceleration required. This opens up a new world of data security and innovation. To learn more, book a demo with us here!

Author Bio

John Salomon is an advisor to Vaultree. John has over 25 years of experience in numerous key industries across the globe. He has navigated several functions at large, international organisations like F. Hoffmann-La Roche, FS-ISAC, ABN AMRO, and UBS - from hands-on technologist to senior management executive. John's expertise includes risk management, data security strategy, compliance, operational resilience, and information security organisational development, among others. He advises organisations on how to obtain maximum ROI for their security and technology initiatives.