MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

By Byron V. Acohido

All too many companies lack a full appreciation of how vital it has become to proactively manage and keep secure “unstructured data.”

One reason for the enduring waves of ransomware is that unstructured data is easy for hackers to locate and simple for them to encrypt.

Related video: Why it’s high time to protect unstructured data

Ironically, many victimized companies are paying hefty ransoms to decrypt unstructured data that may not be all that sensitive or mission critical.

I talked with Jonathan Sander, Chief Technology Officer with STEALTHbits Technologies, about this at Black Hat USA 2018.

The New Jersey-based software company is focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data. For a drill-down on our conversation about unstructured data exposures, please listen to the accompanying podcast. A few takeaways:

Outside a database

Structured data can be human- or machine-generated, and is easily searchable information usually stored in a database, including names, Social Security numbers, phone numbers, ZIP codes.

Unstructured data (also human- or machine-generated) is basically everything else. Typical unstructured data includes a long list of files—emails, Word docs, social media, text files, job applications, text messages, digital photos, audio and visual files, spreadsheets, presentations, digital surveillance, traffic and weather data, and more. In a typical day, individuals and businesses create and share a tidal wave of this information.

The main difference between the two is organization and analysis. Most of the unstructured data generated in the course of conducting digital commerce doesn’t get stored in a database or any other formal management system.

For structured data, users can run simple analysis tools, i.e., content searches, to find what they need. But with no orderly internal framework, unstructured data defies data mining tools. Most human communication is via unstructured data; it’s messy and doesn’t fit into analytical algorithms.

Ransomware target

There is a mountain of unstructured data compared to a molehill of its structured counterpart. Gartner analysts estimate that over 80 percent of enterprise data is unstructured and is growing up to 65 percent a year, enticing cyber criminals to mine the mother lode.

With unstructured data, out of sight is out of mind, leaving it ill protected. As organizations step up their security profiles, most resources are directed at protecting big, enterprise data and closing the loopholes that hackers have been exploiting. So criminals changed their tack and unstructured data was there waiting to be plucked.


The bad guys’ first forays into using ransomware to infect unstructured data were so successful that they stepped up their efforts—and reaped big rewards, Sander says.

“There are a million successful ransomware attacks a month,” he says. Ransomware “is encrypting files, unstructured data.” And when Bitcoin entered the digital landscape about three years ago, it further propelled the proliferation of ransomware attacks on unstructured data.

Since unstructured data is a byproduct of productivity, the problem is endemic in any type of organization, and the more successful the business, the worse the problem.

Smart steps

While there is nascent technology for analyzing unstructured data, these solutions are still fairly primitive. In the meantime, organizations can take steps to leave themselves less vulnerable. Here are some ways:

• Basic inventory. Most organizations don’t know the whereabouts of their unstructured data. In a 2017 Forrester Consulting study of data security professionals, 62 percent said they had no idea where their unstructured data resides. The first step for IT departments is to locate files and do some cleaning.

• Delete data. This is the best method of minimizing the potential attack surface. This task can be automated. “Tons of unstructured data that ransomware is encrypting doesn’t need to be there,” Sander says. “It’s easier to leave stuff in the basement than going through it and getting rid of it.” The added benefit is that by deleting data, a company can save money on storage.

• Revoke access rights. Learn who has access to what data and why. Only give permission to those who really need it to get the job done. Often, too many people have free rein.
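
A read-only inventory pass is one way to start on all three steps at once. The Python script below is an added example, not code from this article or from STEALTHbits: it counts unstructured files by type, lists files untouched for a year as deletion candidates, and lists files open to every user for access review. The extension list, the one-year threshold and the use of POSIX "other" permission bits are assumptions (on Windows shares the equivalent check is against NTFS ACLs), and the sample share is constructed.

```python
import os
import stat
import tempfile
import time
from collections import Counter
from pathlib import Path

# Assumed list of unstructured file types; extend it to match your shares.
UNSTRUCTURED_EXT = {".doc", ".docx", ".xls", ".xlsx", ".pptx", ".pdf", ".txt", ".eml"}

def inventory(root, now=None, stale_days=365):
    """Report unstructured files under root: counts, stale files, broad access."""
    cutoff = (time.time() if now is None else now) - stale_days * 86400
    report = {"by_type": Counter(), "stale": [], "world_access": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable: skip instead of aborting
            if ext not in UNSTRUCTURED_EXT or not stat.S_ISREG(st.st_mode):
                continue  # database files, symlinks, devices are out of scope
            report["by_type"][ext] += 1
            if st.st_mtime < cutoff:  # not modified within stale_days
                report["stale"].append(path)
            if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):  # open to everyone
                report["world_access"].append(path)
    return report

def demo():
    """Run the inventory over a small constructed file share."""
    samples = [("hr/offer_2014.docx", 0o644, 900), ("fin/q3.xlsx", 0o600, 10),
               ("fin/old_budget.xls", 0o666, 2000), ("app/data.db", 0o644, 5)]
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        for rel, mode, age_days in samples:
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("constructed sample\n")
            p.chmod(mode)
            os.utime(p, (now, now - age_days * 86400))  # backdate mtime
        rep = inventory(root, now=now)
        tidy = lambda ps: sorted(Path(x).relative_to(root).as_posix() for x in ps)
        return dict(rep["by_type"]), tidy(rep["stale"]), tidy(rep["world_access"])

if __name__ == "__main__":
    print(demo())
```

The script only reports; deletion and permission changes stay a separate, reviewed step.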

Beyond reducing exposure, deleting unnecessary unstructured data also helps an organization meet compliance requirements. As the EU’s General Data Protection Regulation (GDPR) takes effect, any company in the world with EU clients or customers must meet stringent rules on handling and storage of personal information. By paring down unstructured data, a company can reduce its risk of facing onerous fines for noncompliance.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Last Watchdog’s Denise Szott contributed to this report.

(Editor’s note: LW has provided consulting services to STEALTHbits Technologies.)
