Launch of Lockbit 3.0 ransomware and bug-bounty program
Recent news points to a new version of Lockbit ransomware which includes a bug-bounty program. The program offers payment in exchange for information about vulnerabilities in its own code as well as for intelligence about high-profile individuals. With cybercrime constantly on the rise, the emergence of ‘ransomware-as-a-service’ presents real cause for concern, and the safeguarding of company and personal data has never been more critical.
Cyberattacks, arising from both state-sponsored groups and hacking collectives, are now inflicting unprecedented levels of damage, with figures reaching USD $6 trillion per year [1]. Information held on any device, and even in the cloud, is vulnerable to such threats, but there are simple and effective steps that can be taken to minimise risk and maximise protection.
Firstly, data should be encrypted and regularly backed up. Using a 3-2-1 strategy, for example, means having at least three total copies of your data, two of which are local but on different media, and at least one copy stored off site. This ensures that businesses always have an up-to-date record of their valuable information, and that even if it falls into the wrong hands, it remains secure.
In addition, data should be encrypted with a FIPS certified, randomly generated AES 256-bit encryption key. AES 256 is a military-grade encryption algorithm that can be embedded into appropriate hardware as required. Confidential information stored locally on a computer or hard drive, sent via email or file sharing service, or shared via data transfer in the cloud should equally be securely encrypted.
Secondly, the encryption key should itself be encrypted within an ultra-secure Common Criteria EAL5+ secure microprocessor along with a PIN authenticated code. Storing the encryption key away from the data means that even if the data is obtained, it cannot be unlocked.
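The 3-2-1 rule and the key-separation advice above can be checked mechanically against a backup inventory. The following is an added example, not code from the original article; the `Copy` fields, device names and inventories are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str        # label for this copy of the data
    device: str      # where the copy lives (constructed identifiers)
    medium: str      # storage type, e.g. "ssd", "external-hdd", "cloud"
    offsite: bool    # True if held away from the primary site
    encrypted: bool  # True if the copy is encrypted at rest
    key_device: str  # where the encryption key is held

def check_321(copies):
    """Return a list of violations; an empty list means the inventory complies."""
    problems = []
    # At least three total copies of the data.
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need at least 3")
    # Two local copies on different media: count distinct local media types.
    local_media = {c.medium for c in copies if not c.offsite}
    if len(local_media) < 2:
        problems.append("need two local copies on different media")
    # At least one copy stored off site.
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    for c in copies:
        if not c.encrypted:
            problems.append(f"{c.name}: not encrypted")
        elif c.key_device == c.device:
            # The key must be stored away from the data it protects.
            problems.append(f"{c.name}: key stored on same device as data")
    return problems

# Constructed sample inventories.
GOOD = [
    Copy("primary", "server-01", "ssd", False, True, "token-A"),
    Copy("local-backup", "usb-07", "external-hdd", False, True, "token-A"),
    Copy("offsite", "cloud-bucket", "cloud", True, True, "token-A"),
]
BAD = [
    Copy("primary", "server-01", "ssd", False, True, "server-01"),
    Copy("mirror", "server-02", "ssd", False, False, ""),
]

if __name__ == "__main__":
    for label, inv in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_321(inv) or "compliant")
```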
Retaining full responsibility for the encryption of sensitive information, even when stored in the cloud, will bring companies the peace of mind that comes from ensuring compliance with privacy and confidentiality laws, and ultimately, having safer data.
[1] SDX Central (2021): Cisco CEO – Cybercrime damages hit $6 trillion