Three More Ransomware Families Join the Extortion Game

ransomwareAs ransomware creators look for ways to ensure they get paid for their malicious efforts, many are taking a page from the Maze ransomware manual and are posting stolen data if not paid.

Ransomware has evolved from a nuisance, to a productivity killer, to a material business disruption, and now to a full-fledged data breach attack. Back in December of last year, the Maze family of ransomware adopted a new attack angle – threatening to post a set of stolen data to a specific website if the ransom wasn’t paid. With the threat being massive operational disruption and a data breach to contend with, organizations would seem sufficiently motivated to simply pay up.

Fast-forward to today, and three additional families have adopted the same technique. According to BleepingComputer, Sodinokibi/REvil, Nemty, and DoppelPaymer now all include the same style of “pay or we publish” tactic embedded as part of their attack.

There are two big concerns here. The first is that organizations need to recognize that this will grow as a trend and, should they be attacked with ransomware, there are very few outs here. Second, ransomware as an attack now must be considered a data breach; some subset of the organization’s data is stolen as part of the attack in order to both prove to the organization they have it, and to post should the ransom not be paid.

Organizations need to take a proactive stance against these kinds of attacks by addressing their two most common attack vectors – RDP access and phishing attack. RDP is easy – stop opening up remote access to the Internet (See? Easy.) Phishing attacks require both a layered set of security solutions designed to detect and stop malicious content, and Security Awareness Training to educate the user on how to quickly spot both suspicious and obviously malicious email content before clicking on attachments and links, and launching what can be a ransomware-turned-data-breach attack.

Ransomware Has Gone Nuclear, How Can You Avoid Becoming The Next Victim?

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cybercriminals have become thoughtful; taking time to maximize your organization’s potential damage and their payoff.

After achieving root access, the bad guys explore your network reading email, finding data troves and once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

GoneNuclear-WEBINARJoin us for this webinar where, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, dives into:

  • Why data backups (even offline backups) won’t save you
  • Evolved threats from data-theft, credential leaks, and corporate impersonation
  • Why ransomware isn’t your real problem
  • How your end users can become your best, last line of defense

Watch Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Cybersecurity Awareness Month Resource Kit

Get the latest about social engineering

Subscribe to CyberheistNews