[Heads Up] Your Exfiltrated Ransomware Data Is Now Used To Spearphish Your Business Partners

maze-ransomware-1Ransomware operators are continually improving their tactics to ensure more lucrative payouts, according to Information Security Media Group (ISMG). Over the past several years, attackers have shifted their focus to larger organizations, and they’ve been conducting long-term, targeted attacks designed to cause significant disruption.

Well-known, skillful threat actors aren’t the only ones carrying out these attacks. Liv Rowley, a threat intelligence analyst at Blueliv, told ISMG that sophisticated malware can be easily purchased on the black market.

“We’ve talked about [the] specialization of cybercriminals offering these tools for forever now, but it does seem like they’re becoming more common, and they’re becoming quite cheap,” Rowley said. “You can buy some of the top-named information stealers right now for $85...and that’s one of the best ones out there. So it’s definitely becoming a more accessible market.”

Additionally, a growing number of ransomware groups are now exfiltrating data from their victims before deploying the ransomware. Some of these groups have been known to do this in the past, but they’re now using the stolen data as leverage in case the victim refuses to pay the ransom.

Brett Callow, a security researcher at Emsisoft, told ISMG that ransomware operators are also using this stolen data to craft targeted attacks against the compromised organization’s customers and partners.

Maze are using exfiltrated data to spear phish other companies

“We've now got pretty clear evidence that Maze et al. are using exfiltrated [data] to spear phish other companies,” Callow said. “The problem is, many companies do not disclose these incidents, so their business partners and customers do not know that they should be on high alert. Bottom line: more companies need to disclose, and to disclose quickly.”

It’s also worth noting that the criminals will very likely sell or use the stolen data even if the victim does pay up, so every targeted ransomware attack should now be treated as a data breach. Accordingly, organizations need to focus on preventing attackers from entering the network in the first place. New-school security awareness training can address the human side of this issue by teaching your employees how to recognize phishing and other types of social engineering.

ISMG’s Data Breach Today has the story: https://www.databreachtoday.eu/ransomware-gangs-hit-larger-targets-seeking-bigger-paydays-a-13911

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews