Expect to See Data Theft as Part of More Ransomware Attacks in the Future

Stu Sjouwerman | Jul 17, 2020

ransomware data theftWith data theft currently experienced in 10% of ransomware attacks, experts predict this trend to increase as cyber criminals look for ways to ensure ransom payment.

Remember, the bad guys are in business to make money. So, as the industry changes its response to ransomware to avoid paying the ransom, the bad guys are going to take measures into their own hands to up the likelihood they’ll get paid. It started with looking for ways to increase the number of infected machines via email takeover and lateral movement. But solid backup strategies helped to address that. Then the bad guys simply infected and waited, allowing weeks or months of backups to include their ransomware so that recovery was less an option.

Now, we’ve seen ransomware gangs group together to form extortion cartels where backend platforms are shared to facilitate an easier transition from simple ransom to “ransom plus data theft” as the attack method.

Security researchers at Emisoft warn organizations that “exfiltration+encryption attacks will become increasingly standard practice”, adding costly breach notification and remediation to the already expensive addressing of encrypted systems.

Organizations must take a proactive stance against ransomware, realizing backups are no longer the answer; instead, propping up a layered security strategy that uses Security Awareness Training to include the user as the last line of defense should malicious content get past existing security measures.

Ransomware looks like it’s going to get a lot worse before it gets better. Think prevent and not respond.

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.