Ransomware: Not Just for Encryption Anymore, Now Used for Data Breaches
When it comes to ransomware, a cyber-criminal's objective is to gain access to company files or networks, encrypt that data so that the business cannot access its precious files, and then, as the name implies, hold the entity hostage until it pays a ransom to retrieve its data. But ransomware isn't just about encryption of data anymore -- it has also become a weapon in cyber-criminals' arsenals as a means of data breach attack.
Don't Want to Pay Up? It May Make the Situation Worse
Most of the time when a company is hit by a ransomware attack, it is willing to pay up in order to retrieve its important data. Cybercriminals know that if they took the payment and did not return the data, no one would ever pay a ransom again, so typically, paying up is a sure-fire way to regain access to your data. However, many companies have no desire to put money in criminals' pockets and refuse to pay, essentially calling the hackers' bluff. Obviously, these malicious actors do not like this sort of response -- they were banking on a pay day after all -- so they have begun releasing private information to the public when they are not paid. Lack of payment for a ransomware attack turns it into a data breach.
Massive Ransoms and Maze Malware Strain
In December of 2019, the city of Pensacola, Florida was hit by a ransomware attack. The strain involved is known as Maze ransomware, and the ransom demanded in this attack was $1 million. This is the same strain of malware which is believed to have targeted businesses in California, also in December of last year. The Maze strain of ransomware is even more malicious than other types because it not only holds important data hostage, but also copies the files to servers under the attackers' control before encrypting the local copies. The hackers involved in the Pensacola attack reported that they prefer this particular ransomware strain because the copies of vital information give them the upper hand in negotiations, which is evidenced even further in the California attack.
The California company which got hit by the same malware as the Florida city is Allied Universal. They were hit by an even more grandiose ransom of approximately $2.3 million, and they unfortunately did not deliver said ransom to the hacking group which took hold of their data via Maze ransomware by the given deadline. Because of this, the malicious actors who hit the company with that ransomware turned around and published almost 700 MB worth of data and files taken from the company in the attack. This was reportedly 10% of the information stolen, but the group threatened to release all of the data if the company didn't fork over even more money, as the group increased the ransom yet again.
Ransomware Used to Gain Information for Spear Phishing Attacks
Not only do cyber-criminals hope to get paid massive amounts of money by taking hold of company data, but many have begun using the information gathered from a ransomware attack in aggressive phishing attacks to breach a company further. A regular phishing email is usually generic so that it can be sent to a massive number of people. Spear phishing emails are worse because they are a more targeted scam, aimed at specific individuals, organizations, or businesses.
Ransomware attacks put a company's private information on display for the hackers who access it. They can then turn around and use this data, even after a company has paid its ransom, to dupe an employee, customer, manager, vendor, patient, or anyone else associated with that company, gain access to the company's networks again, and thus cause a data breach. Because of this, many organizations want corporations that are affected by data breaches to report them immediately once the issue is made known to the company. However, this can also be a company's downfall, making it vulnerable to further cybersecurity issues.
Tips for Protecting Against Ransomware as a Data Breach Tool
- Ensure all cybersecurity measures are up-to-date -- This includes anti-virus and anti-malware solutions as well as operating systems, software, and applications.
- Beef up your cyber-defenses before hackers gain access to your data -- Not only should companies make sure that their cyber-defenses are up-to-date, but if a company feels it is lacking in cybersecurity, they should reach out to local cyber companies for guidance on how to protect their private data even further. You can never be too safe when it comes to protecting your company and customer data.
- Look out for phishing emails, a common doorway for ransomware and data breach attacks -- As mentioned above, ransomware can be used to spark spear phishing attacks, but the opposite is also true: phishing attacks are used to gain entry into a company's networks and databases, which are then held hostage for a ransom. Phishing scams should be avoided for a multitude of reasons and this is yet another.
- Back up data regularly -- Not only this, but also ensure the backups are double checked and secured as fiercely as the original copies. It also helps to ensure that they are not connected to the computers and networks they are backing up.
- Create a continuity plan in case of attack -- If your company is put in the unfortunate situation of being hit by a ransomware attack, be sure to have a continuity plan in place so that your business is not entirely disrupted by the attack. The FBI has guidance in place on notifying it and other cybersecurity-related entities of a ransomware attack or data breach as soon as it happens. The government entity also tells victims of ransomware not to pay up, as payment is not a guarantee of retrieval of company documents.
Image by Rawpixel for Freepik