With ransomware now a major cyber threat for organizations everywhere, a security firm has warned that malware-based cyberattacks are now being accompanied by data theft attempts.
A new blog post by security firm Emsisoft noted that since the hacker group Maze started launching ransomware cyberattacks in 2019 that also involved name-and-shame tactics, other malicious actors have adopted the same cyberattack strategy – blurring the line between ransomware attack and data breach.
These types of attacks typically target organizations that would suffer the most harm from their data being leaked to the public. Emsisoft believes that these organizations are perceived by hackers to be “the most likely to pay [ransom] to prevent exposure.” The security firm also noted that organizations in the legal, healthcare and financial sectors have been frequently targeted by ransomware-data theft attacks.
Emsisoft cites data from ransomware database ID Ransomware, which recorded 100,001 incidents targeting companies and public sector organizations between January 01 and June 30, 2020. Of those recorded incidents, 11,642 – just over 11% – also involved data theft.
“Exfiltration+encryption attacks combine the disruption of a ransomware incident with the long term impact of a data breach,” warned Emsisoft in its blog post.
On top of the costs associated with business interruption and recovery, Emsisoft cautioned that organizations facing ransomware-data theft attacks could also face regulatory penalties, reputational harm, legal actions, and negative effects on their share price. Organizations also stand to lose their intellectual property due to the theft, or their sensitive competitive information could be leaked by the cyberattackers.
Emsisoft has also urged organizations to be more prompt and more accurate when disclosing a ransomware-data theft incident. The security firm listed several examples of organizations trying to downplay the effects of a cyberattack they have experienced – the most notable being when the government of PEI reported a cyberattack in late February.
“Based on our investigation, there is currently no reason to believe that Islanders’ personal information has been affected by the malware,” the PEI government said in a statement.
However, those claims were proven incorrect after hackers published the stolen data, the blog suggested.
“An absence of evidence of exfiltration should not be construed to be evidence of its absence, especially during the preliminary stages of an investigation,” Emsisoft said, particularly when the attack involves hacker groups whose modus operandi includes data theft, such as DoppelPaymer, Maze and REvil.
“In these cases, the initial assumption should be that data may have been exfiltrated and potentially affected parties should be promptly notified of this possibility,” the security firm recommended.