WARNING: The List of Ransomware-Turned-Data Breach Operators is Getting Long



Seeing a better opportunity to generate more “revenue” from their victims, ransomware operators are increasingly exfiltrating data and using it to extort payment.

Ransomware started as little more than a nuisance, impacting just a few endpoints. Then the idea of spreading throughout a network to infect as many machines as possible became mainstream. By this time, backup vendors had caught on and provided much-needed guidance on how to simply recover from the attack and ignore ransom demands.

So, the bad guys had to come up with a new angle – one that would ensure they get their ransom. And thus, exfiltration and extortion were added to ransomware. The fact that organizations would have their data publicly posted – not to mention the confirmation of a data breach and all the remediation costs that go along with it – was enough for ransomware operators to see increases in ransom payments.

Now, just like any software vendor today who sees the value in partnering with other organizations to improve their own offering, we’re seeing many ransomware operators jumping on the same bandwagon and even using another ransomware operator’s publishing platform to speed up their time-to-market with this “upgrade” in their ransomware.

Thus far, the list of ransomware operators is pretty lengthy and includes: AKO, CLoP, CryLock, DoppelPaymer, Nemty, Nephilim, Netwalker, ProLock, Pysa, Ragnar, REvil/Sodinokibi, Sekhmet, Snake, Snatch, and – of course – Maze. Without even knowing the specifics behind each of these ransomware variants, it should at least have you doing your best rendition of the infamous blinking guy.

The tide has turned to the point where ransomware should no longer be considered a disruptive attack that uses a lack of productivity as the incentive to pay. It’s imperative that it be considered a data breach – regardless of whether there is an indication of data theft or not. Organizations can no longer take the chance and need to proactively take steps to stop these attacks from occurring.

Most ransomware still enters the organization via a phishing attack. This makes the user the perfect asset either for the attacker or for the organization. What determines whose side they’re on is whether the user falls for the phishing scam or is already vigilant and sees right through it. Users who have gone through Security Awareness Training are educated on such attacks, the social engineering methods used to fool them, and what steps to take should they suspect they are the target of a phishing-based attack.

Stopping ransomware is mission critical today. Ensuring your users play a role is the key.


Ransomware Has Gone Nuclear, How Can You Avoid Becoming The Next Victim?

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful, taking time to maximize your organization’s potential damage and their payoff.

After achieving root access, the bad guys explore your network, reading email and finding data troves. Once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

Join us for this webinar, where Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, dives into:

  • Why data backups (even offline backups) won’t save you
  • Evolved threats from data-theft, credential leaks, and corporate impersonation
  • Why ransomware isn’t your real problem
  • How your end users can become your best, last line of defense

Watch Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/nuclear-ransomware
