With data theft currently experienced in 10% of ransomware attacks, experts predict this trend to increase as cyber criminals look for ways to ensure ransom payment.
Remember, the bad guys are in business to make money. So, as the industry changes its response to ransomware to avoid paying the ransom, the bad guys are going to take measures into their own hands to up the likelihood they’ll get paid. It started with looking for ways to increase the number of infected machines via email takeover and lateral movement. But solid backup strategies helped to address that. Then the bad guys simply infected and waited, allowing weeks or months of backups to include their ransomware so that recovery was less an option.
Now, we’ve seen ransomware gangs group together to form extortion cartels where backend platforms are shared to facilitate an easier transition from simple ransom to “ransom plus data theft” as the attack method.
Security researchers at Emisoft warn organizations that “exfiltration+encryption attacks will become increasingly standard practice”, adding costly breach notification and remediation to the already expensive addressing of encrypted systems.
Organizations must take a proactive stance against ransomware, realizing backups are no longer the answer; instead, propping up a layered security strategy that uses Security Awareness Training to include the user as the last line of defense should malicious content get past existing security measures.
Ransomware looks like it’s going to get a lot worse before it gets better. Think prevent and not respond.