Blog
Lara Montoya Laske
Ransomware attacks cost businesses an average of $4.62 million (according to a study from IBM), excluding the actual ransom payments, making data protection a critical priority. The main expenses stem from downtime and recovery, with businesses taking an average of 22 days to resume operations post-attack.
According to a research commissioned by Sophos, despite efforts to combat ransomware, the rate of attacks remains level, affecting 66% of organizations in the past year alone. From media giants like the BBC to global airlines such as British Airways, no industry is immune to the threat.
In this blog post, we explore the need for enhanced cybersecurity measures and we explain how confidential computing helps against ransomware.
Throughout a ransomware attack, additional malware is often introduced, granting attackers control over the victim's network. During the attack, attackers can gather information about systems and users, targeting specifically high-value victims. Some attackers also steal data before encryption, using it as leverage to pressure victims into paying. This dual threat is the key reason why ransomware attacks are so damaging for companies, that generally have to rebuild their entire systems from scratch and then regain the trust of customers afterward.
Confidential computing is a new technology that enables encrypting data even during processing, not just at rest or in transit, by leveraging the latest CPUs from Intel and AMD. These processors, equipped with Trusted Execution Environments (TEEs), ensure all data remains encrypted in memory at runtime. Additionally, confidential computing enables workload integrity verification through remote attestation, utilizing cryptographic certificates. This combination of runtime memory encryption and remote attestation ensures secure data processing, even on external computers. For further information, read our whitepaper on confidential computing or our wiki.
Confidential computing itself cannot prevent ransomware attacks, as it doesn’t offer protection from threats such as phishing or malware. However, ransomware attacks usually happen to data stored in on-prem data centers. The "State of Ransomware 2021" study found that on-premises servers were predominantly targeted by ransomware attacks.
Confidential computing offers a solution to this, enabling the most secure way to migrate to the cloud. By ensuring encryption at runtime, it protects data during and after migration, preventing unauthorized access, even by cloud providers and admins. Moreover, isolation from the infrastructure side steps cloud-specific security vulnerabilities. Malicious actors are blocked at every stage of the data lifecycle.
Constellation is an open-source confidential-computing software that turns public clouds like AWS, Azure, Google Cloud Platform, and others, into your private clouds. Constellation enables lift & shift for existing containerized workloads and shields your cloud deployments completely using the latest confidential-computing technology. Additionally, against ransomware, Constellation offers confidential storage. In most cloud storage solutions, encryption is supported, but it typically occurs at the storage backend and is managed by the cloud provider. This means that users must trust the provider with the security of their data. Constellation addresses this concern by providing confidential storage on top of AWS S3 buckets and compatible cloud-storage offerings like Google Cloud Storage.
In conclusion, confidential computing is an enabler to securely migrate to the cloud, which provides more secure safeguards against ransomware attacks. On top of that, Constellation is a software that allows for data encryption even against the cloud provider, so that data is also protected from infrastructure-based attacks. Thanks to encrypted backups and confidential storage, the public cloud actually becomes the safest place for your data. Contact us through this form if you want to know more about Constellation or our other products.
