Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Data at Risk: 96% of Ransomware Attacks Involve Data Theft

    Warn of RansomwareA new report from Arctic Wolf has found that 96% of ransomware attacks now involve data theft as criminals seek to force victims to pay up.

    “As potential victims implemented more reliable backup and restoration processes, ransomware operators introduced data exfiltration as a means to apply additional pressure and protect their revenue streams,” Arctic Wolf says.

    The researchers note that even if the victim pays the ransom, there’s no way to guarantee that the threat actor won’t store the stolen data for future use or sell it discreetly on the underground market.

    The report also found that organizations in the finance and insurance sector are being bombarded by business email compromise (BEC) attacks.

    “The finance and insurance industry accounted for 26.5% of BEC IR cases, roughly double the second-place industry (legal and government, at 13.3%),” the report says. “In fact, BEC accounted for 53% of IR cases pertaining to finance and insurance — the only industry for which BEC outnumbered ransomware. Clearly, organizations that regularly exchange money and process payment details over email are in the crosshairs of BEC attacks.”

    Arctic Wolf notes that BEC attacks are fueled by social engineering, which allows attackers to bypass technical security measures.

    Phishing offers the path of least resistance in the BEC context, as a well-crafted email can trick a victim into performing actions that benefit the attacker — whether directly fulfilling the goal (e.g., transferring funds) or executing an intermediary step (e.g., providing credentials that the attacker can subsequently abuse),” the researchers write.

    “But note, also, the significant contribution of previously compromised account/credentials. These are cases in which a threat actor stole, bought, or found credentials and used these to log in to some application or system within the IT environment. In some cases, they simply logged in to the email service itself.”

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Arctic Wolf has the story.

     

    Return To KnowBe4 Security Blog

    RanSim

    Free downloadable software tool

    Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

    RanSim gives you a quick look at the effectiveness of your existing network protection. RanSim will test 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

    RansIm-Monitor3Here's how it works:

    • 100% harmless simulation of real ransomware and cryptomining infections
    • Does not use any of your own files
    • Tests 25 types of infection scenarios
    • Just download the installer and run it
    • Results in a few minutes!

    Get RanSim!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/ransim

    Topics: Social Engineering, Phishing, Ransomware, Security Culture

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews