Cities and Governments are the Latest Target in a New “Leakware” Attack



This new type of attack focuses on threatening to steal and publish data on the web, asking for a ransom to be paid to keep the attackers from doing so.

Traditional ransomware-style attacks have one huge flaw: victim organizations can potentially recover everything encrypted from backups. But when the attack instead says “we have copies of all your critical data and will publish it online unless a ransom is paid,” it’s a different story: there is no simple recovery response. Instead, organizations need to quickly determine whether the data is, in fact, in the attacker’s hands and whether it makes sense to pay the ransom.

This is the dilemma faced recently by city and state governments around the world – the City of Johannesburg and the State of Virginia are just two examples of these types of attacks.

 


 

The real challenge is that if the victim doesn’t pay, the data can be used to continue attacks on those whose personal data was included in the breach. And even if they do pay, there’s no guarantee attackers won’t sell the data to a third party.

So, the only real answer is to take steps to make certain this kind of attack never rears its ugly head. Given that attackers are claiming to have network backdoors in place, access to data, and “control”, it’s logical to conclude that internal users have played some role in allowing their endpoints and credentials to be compromised as part of the attack.

Organizations must elevate the user’s level of security-mindedness through continual Security Awareness Training that helps the employee understand why cybersecurity is part of their responsibility, what kinds of attacks they should be cognizant of, and how to avoid becoming a victim.


Will your users respond to phishing emails?

KnowBe4's Phishing Reply Test (PRT) is a complimentary IT security tool that makes it easy for you to check to see if key users in your organization will reply to a highly targeted phishing attack without clicking on a link. PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organization from these fraudulent attacks!

Here's how it works:

  • Immediately start your test with your choice of three phishing email reply scenarios
  • Spoof a Sender’s name and email address your users know and trust
  • Phishes for user replies and returns the results to you within minutes
  • Get a PDF emailed to you within 24 hours with the percentage of users that replied

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-reply-test

Topics: Phishing, Ransomware


