Data theft is now a well-established element of ransomware attacks, according to John Shier, a Senior Security Expert at Sophos. In a blog post (summarized by iTwire), Shier noted that in the past, ransomware was straightforward and transactional. Attackers would encrypt an organization’s data and hold the decryption key for ransom. If the victim paid up, the attackers would often keep their word and provide a working decryption key, which encouraged future victims to pay the ransom as well. Data may have been exfiltrated during some of those attacks, but data theft wasn’t a central part of the attackers’ strategy.
Beginning late last year, however, some ransomware gangs began stealing their victims’ data in order to use it as additional leverage in their extortion demands. This tactic quickly caught on. Currently, most of the top ransomware operators incorporate data theft into at least some of their attacks.
“Today it isn’t uncommon to hear of a ransomware victim being extorted into paying a ransom under threat of data exposure,” Shier said. “We’ve seen some criminals use their total access to an organization’s compromised systems to pit employees against their own executives and IT department by threatening to release stolen employee data if the company did not engage with the criminals and negotiate payment.”
Because of this trend, it’s wise to treat any ransomware attack as a data breach, even if the attackers don’t publicly announce that they’ve stolen anything—there are other, quieter ways to monetize stolen data. Shier concluded that it’s not yet clear how successful this tactic will be in the long term, but this trend is certainly more damaging for victims.
“While it’s still too early to determine if this form of social pressure will be more profitable than more traditional methods, it has heralded a new era in ransomware where social pressure and shaming is being used to increase the attackers’ bottom line,” Shier said.
With ransomware attacks now affecting the confidentiality of data, organizations can’t rely solely on backups and insurance coverage to protect them from the ramifications of a ransomware incident: backups restore availability, but they cannot undo the disclosure of data that has already been stolen. New-school security awareness training can help prevent these attacks at the outset by enabling your employees to avoid falling for phishing attempts.