Ransomware Recovery
SplitSecure is a distributed hardware security module. What that means is that we take secrets like keys and credentials and split them across multiple devices, leveraging the hardware security claims of each device. This allows us to offer superior claims to traditional hardware security modules, while being cheaper, more performant, and easier to manage.
How does that help with ransomware recovery? SplitSecure can protect backups. According to Sophos research, in 75% of ransomware attacks, the attacker successfully compromises at least some of the backups during the attack. Worse, in over a third of cases (39%) the attacker gains full control of the backup prior to the attack, giving enterprises no choice but to pay the ransom.
This can lead to a form of ransomware attack called double extortion, where the attackers gain full access to the backups and are able to search them for damaging information. When the enterprise pays the ransom to get their data back, they’re hit with a second threat – blackmail. Under these circumstances, it’s no surprise that 59% of enterprises targeted by ransomware agree to pay the ransom.
SplitSecure prevents this by serving as an access control platform for enterprise backup systems, ensuring the attacker cannot compromise them. If your backup provider is supported by SplitSecure, or if they support custom handling of relevant keys and credentials, SplitSecure offers best-in-industry claims for backup credential protection.
SplitSecure’s approach to this problem has three main advantages: Human Error Prevention, Least Privilege Access, and Access Auditing.
Human Error Prevention
The most common way ransomware attackers gain access to enterprise backup systems is through human error on the part of employees. Keys, credentials, or other backup-critical secrets are stored incorrectly, enabling the attacker to steal them.
With SplitSecure, it is impossible to store the secret incorrectly because the secret is not stored. SplitSecure splits secrets into shares which are then kept on the SplitSecure team devices. These devices can be isolated from the internet when not in use to prevent remote access, and each of these shares has no value to an attacker unless combined with the others.
SplitSecure is the simplest way to ensure it is impossible for key employees to misplace secrets critical to enterprise-wide backups.
Least Privilege Access
With SplitSecure, the user never accesses the secret directly – they specify an action that should be performed with the secret, and it is that action the team approves. The SplitSecure trusted execution environment provides strong assurances that only the specified action can be performed, preventing escalation of privilege.
This makes it possible for security teams working with enterprise-critical backups to perform routine actions without ever exposing the secret. Actions like key rotation, restore-from-backup drills, and regular checks to ensure the backups are functioning can all be performed without the risk that an attacker could access the key.
Access Auditing
SplitSecure's cryptographic protocol guarantees all actions will be logged – the act of logging provides cryptographic information required to execute any action, so unlogged actions cannot be performed. In the context of protecting enterprise-critical backups, this means that all actions relating to the backups are retained in an auditable log.
This allows enterprises to build strong processes around logged data. For instance, an enterprise could ensure that their backups are tested at least once a month by using the audit log to confirm this operation was performed. Unauthorized access attempts can be reviewed by the security team with strong assurances that all access attempts are logged.
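The idea that logging supplies cryptographic material needed to act can be illustrated with a simplified sketch. This is an added example, not SplitSecure's code or protocol: it assumes an n-of-n XOR split and a hypothetical `AuditLog` service that holds one share and releases it only as a side effect of appending a hash-chained entry. The key, actor and action names are constructed.

```python
import hashlib, json, secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split(secret: bytes, n: int) -> list[bytes]:
    """n-of-n split: n-1 random shares plus one that XORs back to the secret."""
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = secret
    for s in shares:
        last = xor(last, s)
    return shares + [last]

def combine(shares: list[bytes]) -> bytes:
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor(out, s)
    return out

def entry_hash(actor: str, action: str, prev: str) -> str:
    body = json.dumps({"actor": actor, "action": action, "prev": prev}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class AuditLog:
    """Hypothetical log service: its share is only obtainable by logging an action."""
    GENESIS = "0" * 64

    def __init__(self, share: bytes):
        self._share = share
        self.entries = []  # each entry commits to the previous one

    def record(self, actor: str, action: str) -> bytes:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        self.entries.append({"actor": actor, "action": action, "prev": prev,
                             "hash": entry_hash(actor, action, prev)})
        return self._share

    def verify(self) -> bool:
        prev = self.GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != entry_hash(e["actor"], e["action"], prev):
                return False
            prev = e["hash"]
        return True

def demo():
    key = secrets.token_bytes(32)                # constructed backup key
    *device_shares, log_share = split(key, 4)    # three team devices + the log
    log = AuditLog(log_share)
    unlogged = combine(device_shares)            # devices alone: not the key
    logged = combine(device_shares + [log.record("alice", "restore-drill")])
    return key, unlogged, logged, log
```

In this sketch the device shares alone combine to bytes unrelated to the key, and editing a recorded entry afterwards makes `verify()` fail.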
SplitSecure’s audit logging is both a security feature and an enterprise feature. It allows customers to have strong assurances they know exactly what’s happening with their backups – and to build best practices on top of that assurance.