Akira Ransomware encryption breached with cloud computing

Ransomware attacks have become one of the most feared cyber threats in recent times. Cybercriminals are increasingly leveraging sophisticated technologies, including artificial intelligence (AI), to execute highly effective and near-flawless attacks. The growing sophistication of these attacks makes them difficult to counter, leaving many victims with no option but to pay hefty ransoms to regain access to their data.

However, what if there was a way to break ransomware encryption using cloud computing? This might sound improbable, but a recent breakthrough has proven otherwise.

In a remarkable achievement, an Indonesian programmer successfully decrypted Akira ransomware encryption using cloud computing resources, offering a beacon of hope for future victims. This breakthrough demonstrates that paying a ransom may not always be the only solution to ransomware attacks in the future.

According to reports, Indonesian citizen Yohanes Nugroho was handed an encrypted file from Akira ransomware by a friend seeking assistance. In just 10 hours, Nugroho managed to decipher the encryption algorithm, setting a precedent for other ethical hackers to take on the challenge of breaking into the encryption schemes of notorious ransomware gangs.

As detailed in an update shared on Telegram, Nugroho leveraged the immense processing power of GPUs to crack the Akira ransomware’s encryption. He discovered that the malware developers used 1,500 permutations and combinations to scramble encryption keys before securing them with RSA-4096 encryption. However, by harnessing GPU capabilities, which can process 60 million permutations and combinations per second, he successfully overcame the encryption—a process he described as being as simple as making a cup of coffee once the right approach was in place.

To accomplish this, Nugroho used the GPU computing power provided by RunPod and later employed Vast.ai resources to complete the task within a short span of 10 hours. His work emphasizes the potential to further simplify the decryption process, making it more accessible with the development of automated computational tools.

Historically, law enforcement agencies worldwide have been engaged in similar efforts to develop ransomware decryption methods. However, cracking encryption keys has always been an arduous and time-consuming process. Now, thanks to the integration of AI-driven approaches and the availability of powerful GPU computing resources on demand, decrypting ransomware-encrypted files seems more feasible than ever.

This technological advancement could significantly reduce the downtime associated with ransomware attacks, helping organizations and individuals recover their data without succumbing to ransom demands. If further refined, such techniques could serve as a game-changer in the fight against cybercriminals, minimizing the devastating impact of ransomware attacks on businesses and critical infrastructures worldwide.

The post Akira Ransomware encryption breached with cloud computing appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/SiCbvg5
via IFTTT

Capital One hacker Paige Thompson got too light a sentence, appeals court rules

A federal appeals court overruled a district court judge’s sentence for Capital One hacker Paige Thompson this week, deciding that the sentence of five years’ probation plus time served was too lenient.

Describing the hack as the “second largest data breach in the United States at the time, causing tens of millions of dollars in damage and emotional and reputational harm to numerous individuals and entities,” two of three judges from the 9th Circuit Court of Appeals said they believed that the sentence was “substantially unreasonable.”

In deciding on the original sentence in 2022, U.S. District Judge Robert Lasnik considered that Thompson was transgender, autistic and had suffered past trauma. He raised the prospect of Bureau of Prisons decisions under a future presidential administration making life more difficult for transgender inmates. He also noted that the hack wasn’t done in a “malicious manner” and that Thompson was “tormented” about her activities.

Thompson was charged with stealing data on 106 million Capital One customers after taking advantage of a misconfigured firewall in the bank’s cloud computing system. Over the course of the investigation, the government found terabytes of additional data Thompson took from more than 30 organizations.

Prosecutors swiftly appealed the sentence, with then-U.S. Attorney Nick Brown saying “this is not what justice looks like.” They argued that the judge gave too much weight to Thompson’s history and personal characteristics.

“We agree that the district court overemphasized Thompson’s personal story,” Judge Danielle Forrest wrote, with Judge Johnnie Rawlinson concurring. “Thompson’s personal background and characteristics are, of course, proper considerations at sentencing, but they may not be the sole basis for the chosen sentence.”

The ruling also disputed the district judge saying the hack wasn’t malicious, or that Thompson was tortured over her behavior. Thompson, a former Amazon Web Services software engineer, blamed victims’ incompetence for the theft and encouraged others to hack them, and she also bragged about what she did, the ruling states.

Therefore, with a maximum sentence of 210 months available, the sentence imposed was too lenient, the ruling reads.

President Donald Trump appointed Forrest. President Bill Clinton appointed Rawlinson. The third appeals court judge, Jennifer Sung, appointed by President Joe Biden, took issue with the duo’s decision.

What matters most is whether the district judge engaged in “abuse of discretion,” such as a procedural error, and there’s no sign of that in the Thompson sentence, Sung wrote.

The full quote on Lasnik’s “malicious manner” comment sheds more favorable light on the judge’s viewpoint, Sung observed. Lasnik said Thompson did not act “in the malicious manner that you want to punish, to the same degree as somebody who gets that information and immediately turns to monetizing it in some way,” Sung noted. Thompson also showed signs of being tormented over her activities, openly seeking jail or death.

While the majority said prospective future administrations’ actions on transgender inmates shouldn’t play a role in sentencing, Sung said the district court correctly noted that it was “dealing with Paige Thompson, what she did, who she is, is the dilemma before the court today,” and therefore the sentence gave proper weight to her being transgender.

The Center for Cybersecurity Policy and Law, in a friend of the court brief in support of the government appeal, said it wouldn’t give its opinion on how long Thompson’s sentence should be. But it asked the court to clarify one element in its ruling.

“It is critical for legal frameworks to maintain the distinction between good-faith security research and harmful criminal activities,” it wrote in its brief. “The Center is interested in this proceeding because a perception that the sentencing at issue was based on the Defense’s arguments in the District Court that the charged conduct was good-faith security research risks eroding the distinction between good-faith security research and harmful criminal activity.

“Addressing this distinction is needed to ensure ethical research is not conflated with actions like the Defendant’s and thus prevent undermining trust between the security, business, and policy communities,” it continued.

The appeals court ruling made no mention of good-faith security research.

Mo Hamoudi, an attorney for Thompson, did not immediately respond to requests for comment.

The case is being sent back to the district court level for resentencing.

The post Capital One hacker Paige Thompson got too light a sentence, appeals court rules appeared first on CyberScoop.

from CyberScoop https://ift.tt/omfKa7B
via IFTTT

Reimagining the future of connectivity with Network 2.0

The internet as we know it today is built on a flawed architecture: it is bidirectional. Every online action – whether browsing, shopping or socialising – carries the risk of cyberattacks in the form of phishing, malware and vulnerability exploitation. This duality is a consequence of that bidirectional nature: you can reach the resources you want, but the unintended consequence is that external resources and attackers can reach (and compromise) you. Being directly reachable is the very heart of the problem. This creates the need for a radical shift in how we connect, share and manage data in a cloud-first, AI-driven world.

Enter Network 2.0 and with it a unidirectional approach to connectivity based on Zero Trust principles, which can revolutionise security and data management. In such a model, users are treated as “objects” without an external presence and resources are pulled rather than pushed, granting users full control over whom they connect with or reject. This simple yet powerful shift can restore the internet’s original purpose as a platform for education and genuine information sharing, free from the interruptions of intrusive marketing or malicious actors. It is also a technology model we have seen before – some of us may still remember the telephone switchboard of days gone by and some of the first proxy-based technology architectures.

A colleague of mine used to boast he had a zero trust mobile phone (the modern equivalent of a telephony switchboard). What he meant was that he had added context as part of the call screening process. Only known contacts could call him. This meant that even if someone had access to his phone number the call would not connect. A modern equivalent on social media would be Snapchat, for example. The relationship between a person and their Snapchat account is a disconnected one, and is transitively shielded by an arbitrary user-chosen username. Another Snapchat user would have to know both the username and be a member of your allowed contacts in order to converse with you. A subtle shift. So why not do this for everything?

But what does this mean in practice? 

A new era of connectivity and data sovereignty

At its core, Network 2.0 is designed to empower individuals with control over their digital interactions. This is known as connectivity sovereignty. By adopting principles similar to Zero Trust, users choose when and how to engage with others online. Any communication request requires explicit permission, effectively neutralising traditional threats like phishing. Wouldn’t it be nice to be able to trust our email again, knowing it can only be pulled from a genuine source rather than pushed en masse as part of a malicious campaign?
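The following Python is an added illustration of the call-screening model described above; it is not code from the article or its author. It models an inbox owner who has no externally reachable presence: a caller must present the owner’s self-chosen handle and must already hold an explicit, time-bounded grant from the owner, and anything else is dropped without a reply. The handle, contact names, clock values and the in-memory grant store are all constructed assumptions for the example; a real deployment would persist the grants and audit log on the owner’s side.

```python
"""Added example, not code from the article or its author: a toy model of
the pull-based, default-deny contact gate the article describes. The inbox
owner has no externally reachable presence. A caller must present the owner's
self-chosen handle AND already hold an explicit, time-bounded grant from the
owner; anything else is dropped without a reply. Names, handles and clock
values are constructed for this example."""
from dataclasses import dataclass, field
import hashlib
import hmac


@dataclass
class Grant:
    contact_id: str
    expires_at: int  # constructed clock value; a grant is never open-ended


@dataclass
class Inbox:
    handle_digest: bytes                        # SHA-256 of the handle; the handle itself is never stored
    grants: dict = field(default_factory=dict)  # contact_id -> Grant (the owner's allow-list)
    audit: list = field(default_factory=list)   # owner-side log of every decision


def open_inbox(handle: str) -> Inbox:
    """Create an inbox reachable only through `handle`, which the owner picks
    and shares out of band (the article's Snapchat-style username)."""
    return Inbox(handle_digest=hashlib.sha256(handle.encode()).digest())


def grant_access(inbox: Inbox, contact_id: str, now: int, ttl: int) -> None:
    """Explicit permission: the owner admits a contact for a bounded period."""
    inbox.grants[contact_id] = Grant(contact_id, now + ttl)


def revoke_access(inbox: Inbox, contact_id: str) -> None:
    """The owner can reject a contact at any time; the next request is dropped."""
    inbox.grants.pop(contact_id, None)


def deliver(inbox: Inbox, caller_id: str, presented_handle: str, payload: str, now: int) -> bool:
    """Return True only if the message is accepted. Both conditions must hold:
    the handle matches and the caller has an unexpired grant. The caller learns
    nothing on failure, so a wrong handle and a missing grant look identical
    from outside; the reason is recorded only on the owner's side."""
    digest = hashlib.sha256(presented_handle.encode()).digest()
    handle_ok = hmac.compare_digest(digest, inbox.handle_digest)
    grant = inbox.grants.get(caller_id)
    grant_ok = grant is not None and now < grant.expires_at
    if handle_ok and grant_ok:
        inbox.audit.append(("accepted", caller_id, now, payload))
        return True
    reason = "bad-handle" if not handle_ok else "no-grant"
    inbox.audit.append(("dropped", caller_id, now, reason))
    return False


def demo():
    """Walk through the cases the article describes and return the outcomes."""
    inbox = open_inbox("quiet-otter-7741")           # constructed handle
    grant_access(inbox, "alice", now=100, ttl=3600)  # alice is a known contact for an hour
    results = {
        # known contact presenting the right handle: connects
        "known_contact": deliver(inbox, "alice", "quiet-otter-7741", "hello", now=200),
        # knowing the handle alone (like knowing a phone number) is not enough
        "handle_only": deliver(inbox, "mallory", "quiet-otter-7741", "special offer", now=200),
        # a known contact using a stale handle is dropped too
        "wrong_handle": deliver(inbox, "alice", "quiet-otter-7742", "hello", now=200),
        # the grant has a lifetime; once it lapses the contact must be re-admitted
        "expired": deliver(inbox, "alice", "quiet-otter-7741", "hello", now=100 + 3600),
    }
    revoke_access(inbox, "alice")
    results["after_revoke"] = deliver(inbox, "alice", "quiet-otter-7741", "hello", now=300)
    return results, inbox.audit


if __name__ == "__main__":
    outcome, log = demo()
    print(outcome)
    for entry in log:
        print(entry)
```

The `handle_only` case is the phishing scenario the article has in mind: harvesting an address gives a sender no route in, because delivery is decided by the recipient’s allow-list rather than by reachability. The same gate is what the later “data droplet” idea needs, with a practitioner pulling a record under a grant the owner can expire or revoke.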

In order to be effective, Network 2.0 must consider far more than a simple connectivity shift; it must also consider where data is stored. Currently, data about us is not held by us. It is gathered, curated and largely distributed by and between large organisations. In a very practical way, individuals have very little control over information about them. This has not gone unnoticed by governments across the world. In today’s geopolitically charged environment, governments are increasingly focused on data sovereignty: the need to regulate citizens’ data within national borders and protect it from external interference at scale.

Personal data is routinely surrendered to large corporations and stored in vast databases which we hope will be adequately secured. Network 2.0, on the other hand, treats personal data as exactly that: we keep it ourselves and only permit access to those who need to see it. The fundamental difference is that it never leaves our possession and is viewed only when we allow it to be. Consider for a moment that when we visit a medical practitioner, we rely on them to store and recall information about us for the appointment – but why store it with them, when they do not need the data between appointments? History shows us that major stores of sensitive information are regularly targeted and compromised. They represent very attractive, high-value targets in consolidated quantities – but what if the data was no longer held at the macro level, but rather at the micro level?

This fundamentally changes our relationship with data, as companies need explicit consent to access personal information.

This shift can be visualised by breaking it down into a hierarchical model of data management:

  • Data droplets: These are individual users who own and control their personal data through encrypted storage solutions.
  • Data puddles: These droplets then aggregate into localised datasets that comply with regional regulations, minimising risk exposure.
  • Data lakes: Larger datasets, used for analytical purposes, that combine puddles under strict controls, including anonymisation techniques.

This three-step segmentation not only adheres to regulations like the European Union’s General Data Protection Regulation (GDPR) and the AI Act but also mitigates the risks associated with centralised data storage.

Challenges and considerations

The transition to Network 2.0 undoubtedly has its challenges. For a start, it will challenge companies’ ability to use direct marketing to our inboxes or to leverage datasets to analyse us as individuals. Arguably this would fundamentally change the financial relationship between companies and their consumers.

We have, however, seen seismic shifts in data accountability before; credit card handling is one example. PCI legislation forced organisations to surrender credit card information. At the time, organisations could not imagine operating online without storing credit card information, but today those same organisations operate perfectly well and probably breathe a sigh of relief at no longer having the responsibility of keeping those information assets at all.

So why not do this for all PII? Many organisations are still entrenched in legacy systems and decades-old business processes, and it would be daunting to convince stakeholders of the need for change. True transformation requires continuous adaptation, and every now and again the rule books have to be rewritten. Legislation plays no small part in forcing some of these changes through.

In my view the adoption of a connectivity shift at the individual level is far more achievable in the short term than expecting organisations to surrender the data they hold about us. For now at least we must continue to rely on organisations doing a better job at protecting our data on our behalf. But the green shoots are appearing with organisations recognising security needs to play a greater role.  

This requires cultural change within organisations – a process that is already happening. Network teams are increasingly reporting directly to security teams, rather than infrastructure teams. This signals that security is no longer an afterthought, but an integral part of the network strategy. Of course, implementing new technologies and architectures requires technical skills as well as a willingness to embrace change. Significant effort is required to train and upskill IT teams.

Steps for implementation

To make a successful transition to Network 2.0, organisations can take a number of practical steps:

1. Embrace Zero Trust: This foundational security framework, which mandates verification before granting access, forms the core of Network 2.0. Every user and device must be authenticated, regardless of location or network.

2. Champion data sovereignty: Implement solutions that allow individuals and organisations to control their data while ensuring compliance with evolving data sovereignty regulations. Technologies that enable data segmentation, secure sharing, and robust access controls are key.

3. Prioritise data classification: Not all data is equally sensitive. By categorising data based on its importance, organisations can apply tailored security measures to protect the most critical information.

4. Adopt a data blast radius approach: Strategically distributing data across multiple locations limits the impact of potential breaches. This approach, inspired by disaster recovery planning, minimises the risk associated with centralising data in a single location.

Reimagining a secure, user-centric digital ecosystem

The reason Network 2.0 is so exciting is that it’s so much more than a technological upgrade; it’s a fundamental redesign of the digital ecosystem. It can put us all in control of our digital lives and promote a safer internet by design, one that prioritises privacy, security and personal agency. 

To get closer to this future, collaboration between business leaders, technologists and policymakers is essential. The journey to Network 2.0 may be complex, but the potential it offers – a safer, more resilient and user-centric digital world – is not only worth the effort, but will shape just how much control we have over our increasingly embedded technological environment.

The post Reimagining the future of connectivity with Network 2.0 appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/y97a4de
via IFTTT

5 Identity Threat Detection & Response Must-Haves for Super SaaS Security

Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small.

from The Hacker News https://ift.tt/cb0Ykt3
via IFTTT

Shifting to Decentralized Data Storage: The Key to Better Data Security and Privacy

In today’s digital world, data security and privacy are more critical than ever. With the increasing number of cyberattacks, data breaches, and privacy concerns, individuals and organizations alike are seeking solutions to protect sensitive information. One such solution that is gaining significant traction is decentralized data storage.

What is Decentralized Data Storage?

Decentralized data storage is an innovative method of storing data across a distributed network, rather than relying on a single centralized server or data center. Instead of putting all your data in one location, decentralized storage systems spread data across multiple nodes within the network. These nodes can be computers, servers, or devices owned by individuals or organizations, each contributing a portion of their storage capacity to the network.

Popular examples of decentralized storage platforms include IPFS (InterPlanetary File System), Filecoin, and Storj, which use blockchain technology and peer-to-peer (P2P) networks to ensure secure, reliable, and private storage of data.

Benefits of Decentralized Data Storage for Security and Privacy

1. Enhanced Data Security

Centralized data storage systems are prime targets for hackers. Since all data is stored in a single location, cybercriminals can breach the system and gain access to vast amounts of sensitive information. With decentralized data storage, however, data is spread across various nodes, making it significantly more difficult for malicious actors to access the entire dataset.

Moreover, decentralized networks often employ end-to-end encryption, ensuring that data remains secure even when it’s being transmitted across the network. This means that only authorized users with the correct decryption keys can access the data, offering a higher level of protection against unauthorized access.

2. Reduced Risk of Data Breaches

Data breaches have become a major concern for both individuals and businesses, leading to compromised customer information, financial losses, and damaged reputations. In centralized storage systems, a single breach can expose vast amounts of data at once. Decentralized data storage reduces this risk because data is fragmented and stored across different locations. Even if one node is breached, it doesn’t expose the entire dataset, reducing the potential impact of a breach.

3. Better Control Over Data Privacy

With decentralized storage, users retain full control over their data. Traditional centralized storage providers, such as cloud services, often control the data and can access it for maintenance or other purposes, which can raise privacy concerns. In decentralized networks, data owners control the encryption keys and decide who has access to their information. This means that users can keep their data private and secure without relying on a third-party entity to manage their privacy settings.

4. Immutability and Transparency

Decentralized data storage systems, particularly those leveraging blockchain technology, offer a high level of immutability. Once data is stored on the blockchain, it cannot be altered or tampered with, ensuring data integrity. Additionally, blockchain provides transparency, allowing users to track where their data is stored and who has access to it, enhancing trust and accountability in the storage system.

5. Resilience Against Censorship and Data Loss

Centralized systems are vulnerable to data censorship, outages, and even government intervention. With decentralized storage, there’s no single point of failure, making it more resilient to system shutdowns, government regulations, or corporate decisions to restrict access to data. Furthermore, decentralized networks are less likely to experience data loss, as copies of the data are distributed across various nodes. If one node fails or is compromised, other nodes can continue to host the data.

6. Cost-Effectiveness

Decentralized storage can also be more cost-effective than traditional cloud storage. Since data is stored across a distributed network of nodes, the costs associated with maintaining physical data centers are reduced. Users can also rent out unused storage space on their devices, creating a more affordable and scalable solution for both consumers and businesses.

Challenges of Decentralized Data Storage

While decentralized storage offers numerous advantages for data security and privacy, it is not without challenges. One key issue is data availability. If a node storing critical data becomes unavailable, retrieving that data might be difficult. However, many decentralized storage platforms are working on solutions, such as creating multiple replicas of data across different nodes to ensure continuous access.
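The following Python is an added, self-contained model of the properties claimed in the benefits list above and in the availability challenge just described; it is not code from the article or from IPFS, Filecoin or Storj. A record is split into chunks, each chunk is encrypted client-side, named by the hash of its ciphertext (content addressing) and placed on several nodes. The demo then shows what one offline node, two offline nodes, a tampered replica and a breached node each mean for availability, integrity and confidentiality. The node names, the sample record, the key and the 16-byte chunk size are constructed for the example, and the XOR keystream is a labelled stand-in for a real AEAD cipher such as AES-GCM; no blockchain ledger is modelled.

```python
"""Added example, not code from the article or from IPFS, Filecoin or Storj:
an in-memory model of chunked, client-side-encrypted, content-addressed,
replicated storage. Nodes, record, key and chunk size are constructed; the
XOR keystream stands in for a real AEAD cipher and is illustrative only."""
import hashlib
from typing import Dict, List

CHUNK = 16  # deliberately small so the sample record spans several chunks
KEY = hashlib.sha256(b"constructed demo key - not a real secret").digest()
SAMPLE = b"constructed sample record: allergy=penicillin; gp=dr-ng; next=2025-04-01"


def _keystream(key: bytes, chunk_index: int, n: int) -> bytes:
    """Toy keystream: SHA-256(key || chunk index || counter), illustrative only."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + chunk_index.to_bytes(4, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def xor_chunk(key: bytes, chunk_index: int, data: bytes) -> bytes:
    """Encrypt or decrypt one chunk (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, chunk_index, len(data))))


class Network:
    """A set of storage nodes; each holds a dict of content-id -> ciphertext."""

    def __init__(self, node_ids: List[str], replication: int) -> None:
        self.nodes: Dict[str, Dict[str, bytes]] = {n: {} for n in node_ids}
        self.down: set = set()
        self.replication = replication

    def store(self, key: bytes, data: bytes) -> List[str]:
        """Chunk, encrypt, content-address and replicate. Returns the manifest
        (ordered chunk ids) that the data owner keeps in order to reassemble."""
        manifest = []
        node_ids = list(self.nodes)
        for i, offset in enumerate(range(0, len(data), CHUNK)):
            ct = xor_chunk(key, i, data[offset:offset + CHUNK])
            cid = hashlib.sha256(ct).hexdigest()
            manifest.append(cid)
            for r in range(self.replication):  # round-robin placement across nodes
                self.nodes[node_ids[(i + r) % len(node_ids)]][cid] = ct
        return manifest

    def fetch(self, cid: str) -> bytes:
        """Return the first healthy replica whose hash still matches its id;
        offline nodes are skipped and tampered copies are rejected."""
        for node, blobs in self.nodes.items():
            if node in self.down:
                continue
            blob = blobs.get(cid)
            if blob is not None and hashlib.sha256(blob).hexdigest() == cid:
                return blob
        raise LookupError(f"no healthy replica for {cid}")

    def retrieve(self, key: bytes, manifest: List[str]) -> bytes:
        return b"".join(xor_chunk(key, i, self.fetch(cid)) for i, cid in enumerate(manifest))


def demo() -> dict:
    """Exercise availability, integrity and confidentiality on a 4-node network."""
    net = Network(["node-a", "node-b", "node-c", "node-d"], replication=2)
    manifest = net.store(KEY, SAMPLE)
    out = {"chunks": len(manifest), "roundtrip": net.retrieve(KEY, manifest) == SAMPLE}
    net.down.add("node-a")  # one node offline: every chunk still has a second replica
    out["one_down"] = net.retrieve(KEY, manifest) == SAMPLE
    net.down.add("node-b")  # two neighbours offline: chunk 0 lived only on a and b
    try:
        net.retrieve(KEY, manifest)
        out["two_down"] = "available"
    except LookupError:
        out["two_down"] = "unavailable"
    net.down.clear()
    cid0 = manifest[0]      # a tampered replica fails the hash check and is skipped
    net.nodes["node-a"][cid0] = bytes(b ^ 0xFF for b in net.nodes["node-a"][cid0])
    out["tamper_survived"] = net.retrieve(KEY, manifest) == SAMPLE
    # what a breach of node-a exposes: a fraction of the chunks, all ciphertext
    out["fraction_on_a"] = len(net.nodes["node-a"]) / len(manifest)
    out["plaintext_leaked"] = any(b"penicillin" in blob
                                  for blobs in net.nodes.values() for blob in blobs.values())
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `two_down` outcome is the availability problem the text raises: with a replication factor of two, losing the two nodes that share a chunk makes the whole record unrecoverable, which is why real platforms raise the replication factor or use erasure coding. The `fraction_on_a` and `plaintext_leaked` results are the breach-impact argument in concrete form: a single compromised node yields part of the ciphertext and none of the plaintext.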

Another challenge is the complexity of managing decentralized systems, which can be more difficult for non-technical users. However, as the technology matures, user-friendly platforms and interfaces are likely to make decentralized storage more accessible.

Conclusion: The Future of Data Security and Privacy

As data security and privacy concerns continue to grow, shifting to decentralized data storage is proving to be a promising solution. By dispersing data across a distributed network, decentralized storage systems offer enhanced security, better privacy control, and protection against data breaches. With the growing adoption of blockchain technology and peer-to-peer networks, decentralized data storage is set to play a crucial role in safeguarding sensitive information and empowering users with greater control over their data.

For those concerned about the security of their data in the traditional cloud, decentralized storage offers a viable alternative. As the technology continues to evolve, it will likely become a mainstream solution for individuals and organizations looking to enhance their digital security and privacy.

The post Shifting to Decentralized Data Storage: The Key to Better Data Security and Privacy appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/JEhZcUu
via IFTTT

Knocknoc Raises Seed Funding to Scale Its Just-In-Time Network Access Control Technology

Sydney, Australia, March 19th, 2025, CyberNewsWire

Sydney-based cybersecurity software company Knocknoc has raised a seed round from US-based venture capital firm Decibel Partners with support from CoAct and SomethingReal.

The funding will support go-to-market, new staff, customer onboarding and product development. The company has appointed Adam Pointon as Chief Executive Officer.

“The opportunity here is limitless,” Pointon said. “You’d be hard pressed to find an organisation that couldn’t benefit in some way from using Knocknoc.”

Knocknoc orchestrates network infrastructure to remove risk exposure by tying users’ network access to their SSO authentication status.

By selectively opening network connections to users on a just-in-time basis, Knocknoc eliminates attack surface and solves compliance challenges. Knocknoc prevents would-be attackers from being able to connect to the types of network devices and applications that are prone to falling victim to zero-day attacks.

Customers use Knocknoc to protect VPNs and firewalls, IP cameras, payroll systems, file transfer appliances, bastion hosts and other applications and network services. Knocknoc is also easy to use with cloud-based infrastructure.

It can also be used on internal networks to add multifactor authentication to legacy systems to satisfy compliance requirements.

Knocknoc has also appointed Decibel Partners Founder Advisor and Risky Business Media CEO Patrick Gray to its board of directors.

“Knocknoc is a terrific way for organisations to quickly and easily reduce their exposure to the types of attacks that are plaguing enterprises right now,” said Gray. “It’s simple, quick to implement and delivers an immediate benefit.”

Knocknoc is already in use in Australian and US critical infrastructure, large telecommunications networks and media companies.

The Knocknoc founders are Andrew Foster, David Kempe and Adam Pointon.

More information at https://knocknoc.io

Contact

Cofounder & CEO
Adam Pointon
Knocknoc.io
hello@knocknoc.io

The post Knocknoc Raises Seed Funding to Scale Its Just-In-Time Network Access Control Technology appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/AMOLKZQ
via IFTTT

Mitigated – Networking reduced availability in East US

What happened?

Between 13:09 UTC and 18:51 UTC on 18 March 2025, a platform issue resulted in an impact to a subset of Azure customers in the East US region. Customers may have experienced intermittent connectivity loss and increased network latency sending traffic within as well as in and out of Azure’s US East Region. 

At 23:21 UTC on 18 March 2025, another impact to network capacity occurred during the recovery of the underlying fiber, during which customers may have experienced the same intermittent connectivity loss and increased latency sending traffic within, to and from US East.

What do we know so far?

We identified multiple fiber cuts affecting a subset of datacenters in the East US region at 13:09 UTC on 18 March 2025. The fiber cut impacted capacity to those datacenters increasing the utilization for the remaining capacity serving the affected datacenters. At 13:55 UTC on 18 March 2025, we began mitigating the impact of the fiber cut by load balancing traffic and restoring some of the impacted capacity; customers should have started to see service recover starting at this time. The restoration of traffic was fully completed by 18:51 UTC on 18 March 2025 and the issue was mitigated. 

At 23:20 UTC on 18 March 2025, another impact was observed during the capacity repair process. This was due to a tooling failure during the recovery process that started adding traffic back into the network before the underlying capacity was ready. The impact was mitigated at 00:30 UTC on 19 March after isolating the capacity impacted by the tooling failure. 

At 01:52 UTC on 19 March, the underlying fiber cut was fully restored. We continue working to test and restore all capacity to pre-incident levels.

Our telemetry indicates that customer impact has been fully mitigated. We will continue to monitor during our capacity recovery process before confirming complete incident mitigation.

An update will be provided in 3 hours, or as events warrant.

from Azure Status https://ift.tt/mJ5B3Dt
via IFTTT

Active – Networking reduced availability in East US.

What happened?

Between 13:09 UTC and 18:51 UTC on 18 March 2025, a platform issue resulted in an impact to a subset of Azure customers in the East US region. Customers may have experienced intermittent connectivity loss and increased network latency sending traffic within as well as in and out of Azure’s US East Region. 

At 23:21 UTC, another impact to network capacity occurred during the recovery of the underlying fiber, during which customers may have experienced the same intermittent connectivity loss and increased latency sending traffic within, to and from US East.

What do we know so far?

We identified multiple fiber cuts affecting a subset of datacenters in the East US region at 13:09 UTC. The fiber cut impacted capacity to those datacenters increasing the utilization for the remaining capacity serving the affected datacenters. At 13:55 UTC, we began mitigating the impact of the fiber cut by load balancing traffic and restoring some of the impacted capacity; customers should have started to see service recover starting at this time. The restoration of traffic was fully completed by 18:51 UTC and the issue was mitigated. 

At 23:20 UTC, another impact was observed during the capacity repair process. This was due to a tooling failure during the recovery process that started adding traffic back into the network before the underlying capacity was ready. We are actively mitigating the current impact to ensure no further incidents occur during the recovery process. 

An update will be provided in 60 minutes, or as events warrant.

from Azure Status https://ift.tt/mJ5B3Dt
via IFTTT