Does Encrypting and Publishing Data Reduce the Risk of Ransomware?
For big companies that guard important data, ransomware is a big problem, and cryptocurrency exacerbates it.
Scenario
- A hospital has important patient information on a computer somewhere.
- Someone malicious manages to get malware installed on that computer.
- That malware zips up the private files and encrypts the archive with a secret password, then deletes the originals. Maybe it also sends the encrypted bundle off to a remote server.
- The only way to get the information back is to either have a backup or enter the password.
- The attacker asks for a certain amount of crypto to be sent to a certain address by a certain time, or the files stay locked permanently.
That’s not good
Ideally the hospital would have backups and those backups would be entirely isolated from this attack. They’d patch whatever hole allowed the attacker in, restore the files, and things are up and running quickly.
But that’s really hard. It’s a challenging problem to keep your data backed up all the time while also keeping malicious actors from accessing it. It requires eternal vigilance. Software developers and network admins are human. Mistakes are going to happen.
Files can change often, and computers on the network need to be able to read and change this data. How do you keep the backups updated often enough without also giving the malware a path to infect the backups?
There are definitely companies that are good at it but it’s difficult and expensive.
I’m not a security expert and I’m sure actual security experts will correct me, but if the raw data is encrypted, does it really matter if someone else gets it?
Extreme hypothetical: Let’s say a hospital securely encrypts data and stores it publicly. Then it publishes the hash of each file on its website. It also allows anyone in the world to download each file.
As long as they keep the key private, no one can actually read anything. If someone has the file but not the private key it was encrypted with, it’s just a bunch of gibberish, right?
Let’s say 100 people download every single file that they see.
What happens if someone attacks the hospital this way now? They have hundreds of backups. They download one from the public network and restore. The end.
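The publish-and-restore loop described above, as an added example that is not part of the original post: the hospital seals each file with AES-256-GCM under a key that never leaves its network, posts the SHA-256 of the public blob, and on recovery checks a mirrored copy against that digest before decrypting. Function names, the nonce-prefixed blob layout and the sample record are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// newGCM builds AES-GCM around the hospital's private key (32 bytes = AES-256).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the publishing side: encrypt one file under the private key, returning the
// public blob (nonce || ciphertext || tag) and the hex SHA-256 digest the hospital posts.
func Seal(key, plaintext []byte) (blob []byte, digest string, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, "", err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per file
	if _, err := rand.Read(nonce); err != nil {
		return nil, "", err
	}
	blob = gcm.Seal(nonce, nonce, plaintext, nil)
	sum := sha256.Sum256(blob)
	return blob, hex.EncodeToString(sum[:]), nil
}

// Restore is the recovery side: verify a copy fetched from any public mirror against
// the published digest, then decrypt. Tampering fails the digest check; a wrong key fails GCM.
func Restore(key []byte, digest string, mirrorCopy []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	sum := sha256.Sum256(mirrorCopy)
	if len(mirrorCopy) < n || hex.EncodeToString(sum[:]) != digest {
		return nil, errors.New("mirror copy is not the blob the hospital published")
	}
	return gcm.Open(nil, mirrorCopy[:n], mirrorCopy[n:], nil)
}
```

The digest check proves a mirror copy is the blob the hospital published, not that it is the newest version, so the published digest list is itself something to protect and keep current. The key is the single thing the scheme depends on, which is the separate problem the next paragraphs raise.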
What would that attack even look like? As long as they don’t get the private key can they even achieve anything in your private network that they can’t do at home?
Securing private keys is a separate challenge, but the UX and tech for this are getting way better. Maybe it’s an easier security problem.