Ransomware warning: Now attacks are stealing data as well as encrypting it

There’s now an increasing chance of getting your data stolen, in addition to your network being encrypted, when you are hit with a ransomware attack – which means falling victim to this kind of malware is now even more dangerous.

The prospect of being locked out of the network by cyber criminals is damaging enough, but by leaking stolen data, hackers are creating additional problems. Crooks use the stolen data as leverage, effectively trying to bully organisations who’ve become infected with ransomware into paying up – rather than trying to restore the network themselves – on the basis that if no ransom is paid, private information will be leaked.

Ransomware groups like those behind Maze and Sodinokibi have already shown they’ll go ahead and publish private information if they’re not paid, and now the tactic is becoming increasingly common, with over one in ten attacks now coming with blackmail in addition to extortion.

Analysing numbers of submissions to ID Ransomware – a site that allows people to identify ransomware – researchers at Emsisoft found that of 100,000 submissions related to ransomware attacks between January and June this year, 11,642 involved ransomware families that overtly attempt to steal data – or just over 11 percent.

Organisations in the legal, healthcare and financial sectors are among the most targeted by these campaigns, based on the assumption that they hold the most sensitive data.


And researchers warn that the percentage of ransomware attacks which steal data could be even higher, because some will do it discreetly, potentially using the stolen information as the basis for additional attacks.

“All ransomware groups have the ability to exfiltrate data. While some groups overtly steal data and use the threat of its release as additional leverage to extort payment, other groups likely covertly steal it,” said the blog post by researchers.

“While groups that steal covertly may not exfiltrate as much data as groups seeking to use it as leverage, they may well extract any data that has an obvious and significant market value or which can be used to attack other organizations”.

The prospect of suffering a data breach in addition to a ransomware attack is worrying for organisations because even if the network is restored, the leak can cause other problems with customers or regulators.

Exfiltration and encryption attacks will become increasingly standard practice and both the risks and the costs associated with ransomware incidents will continue to increase, warned researchers.

However, it’s possible for organisations to avoid falling victim to ransomware in the first place – or at least limit the damage it can do – by following some cybersecurity hygiene basics.

They include applying security patches to protect against known vulnerabilities, disabling remote ports where they’re not needed, and segmenting the network to stop ransomware from getting in, or from spreading quickly around the network if it does. Organisations should also use multi-factor authentication so even if passwords are known, they can’t be used to gain access to other areas of the network.

Back-ups should be regularly made and stored offline, while organisations should also have a plan for what they’ll do in the event of ransomware compromising the network.


Source: Information Technologies -
