Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    [Heads Up] Your Exfiltrated Ransomware Data Is Now Used To Spearphish Your Business Partners

    maze-ransomware-1Ransomware operators are continually improving their tactics to ensure more lucrative payouts, according to Information Security Media Group (ISMG). Over the past several years, attackers have shifted their focus to larger organizations, and they’ve been conducting long-term, targeted attacks designed to cause significant disruption.

    Well-known, skillful threat actors aren’t the only ones carrying out these attacks. Liv Rowley, a threat intelligence analyst at Blueliv, told ISMG that sophisticated malware can be easily purchased on the black market.

    “We’ve talked about [the] specialization of cybercriminals offering these tools for forever now, but it does seem like they’re becoming more common, and they’re becoming quite cheap,” Rowley said. “You can buy some of the top-named information stealers right now for $85...and that’s one of the best ones out there. So it’s definitely becoming a more accessible market.”

    Additionally, a growing number of ransomware groups are now exfiltrating data from their victims before deploying the ransomware. Some of these groups have been known to do this in the past, but they’re now using the stolen data as leverage in case the victim refuses to pay the ransom.

    Brett Callow, a security researcher at Emsisoft, told ISMG that ransomware operators are also using this stolen data to craft targeted attacks against the compromised organization’s customers and partners.

    Maze are using exfiltrated data to spear phish other companies

    “We've now got pretty clear evidence that Maze et al. are using exfiltrated [data] to spear phish other companies,” Callow said. “The problem is, many companies do not disclose these incidents, so their business partners and customers do not know that they should be on high alert. Bottom line: more companies need to disclose, and to disclose quickly.”

    It’s also worth noting that the criminals will very likely sell or use the stolen data even if the victim does pay up, so every targeted ransomware attack should now be treated as a data breach. Accordingly, organizations need to focus on preventing attackers from entering the network in the first place. New-school security awareness training can address the human side of this issue by teaching your employees how to recognize phishing and other types of social engineering.

    ISMG’s Data Breach Today has the story: https://www.databreachtoday.eu/ransomware-gangs-hit-larger-targets-seeking-bigger-paydays-a-13911

     

    Return To KnowBe4 Security Blog

    Topics: Social Engineering, Spear Phishing, Security Awareness Training, Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews