[Heads Up] Your Exfiltrated Ransomware Data Is Now Used To Spearphish Your Business Partners

maze-ransomware-1Ransomware operators are continually improving their tactics to ensure more lucrative payouts, according to Information Security Media Group (ISMG). Over the past several years, attackers have shifted their focus to larger organizations, and they’ve been conducting long-term, targeted attacks designed to cause significant disruption.

Well-known, skillful threat actors aren’t the only ones carrying out these attacks. Liv Rowley, a threat intelligence analyst at Blueliv, told ISMG that sophisticated malware can be easily purchased on the black market.

“We’ve talked about [the] specialization of cybercriminals offering these tools for forever now, but it does seem like they’re becoming more common, and they’re becoming quite cheap,” Rowley said. “You can buy some of the top-named information stealers right now for $85...and that’s one of the best ones out there. So it’s definitely becoming a more accessible market.”

Additionally, a growing number of ransomware groups are now exfiltrating data from their victims before deploying the ransomware. Some of these groups have been known to do this in the past, but they’re now using the stolen data as leverage in case the victim refuses to pay the ransom.

Brett Callow, a security researcher at Emsisoft, told ISMG that ransomware operators are also using this stolen data to craft targeted attacks against the compromised organization’s customers and partners.

Maze are using exfiltrated data to spear phish other companies

“We've now got pretty clear evidence that Maze et al. are using exfiltrated [data] to spear phish other companies,” Callow said. “The problem is, many companies do not disclose these incidents, so their business partners and customers do not know that they should be on high alert. Bottom line: more companies need to disclose, and to disclose quickly.”

It’s also worth noting that the criminals will very likely sell or use the stolen data even if the victim does pay up, so every targeted ransomware attack should now be treated as a data breach. Accordingly, organizations need to focus on preventing attackers from entering the network in the first place. New-school security awareness training can address the human side of this issue by teaching your employees how to recognize phishing and other types of social engineering.

ISMG’s Data Breach Today has the story: https://www.databreachtoday.eu/ransomware-gangs-hit-larger-targets-seeking-bigger-paydays-a-13911

Ransomware Has Gone Nuclear, How Can You Avoid Becoming The Next Victim?

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful; taking time to maximize your organization’s potential damage and their payoff.

After achieving root access, the bad guys explore your network reading email, finding data troves and once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

GoneNuclear-WEBINARJoin us for this webinar where, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, dives into:

  • Why data backups (even offline backups) won’t save you
  • Evolved threats from data-theft, credential leaks, and corporate impersonation
  • Why ransomware isn’t your real problem
  • How your end users can become your best, last line of defense

Watch Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews