This new type of attack focuses on threatening to steal and publish data on the web, asking for a ransom to be paid to keep the attackers from doing so.
Traditional ransomware-style attacks have one huge flaw: victim organizations can potentially recover everything that was encrypted from backups. But when the attack instead says “we have copies of all your critical data and will publish it online unless a ransom is paid,” it’s a different story – there is no simple recovery response. Instead, organizations need to quickly determine whether the data is, in fact, in the attacker’s hands and whether it makes sense to pay the ransom.
This is the dilemma faced recently by city and state governments around the world – the City of Johannesburg and the State of Virginia are just two examples of these types of attacks.
The real challenge is that if the victim doesn’t pay, the data can be used to continue attacks on those whose personal data was included in the breach. And even if they do pay, there’s no guarantee attackers won’t sell the data to a third party.
So, the only real answer is to take steps to make certain this kind of attack never rears its ugly head. Given that attackers are claiming to have network backdoors in place, access to data, and “control”, it’s logical to conclude that internal users have played some role in allowing their endpoints and credentials to be compromised as part of the attack.
Organizations must elevate the user’s level of security-mindedness through continual Security Awareness Training that helps the employee understand why cybersecurity is part of their responsibility, what kinds of attacks they should be cognizant of, and how to avoid becoming a victim.