Hackers using ransomware to extort money from victims used to have a fairly straightforward playbook: gain access to the victims data, encrypt it and promise to decrypt it for the ransom. That by itself caused all kinds of havoc.
From Laporte, Indiana to Baltimore, Maryland, companies and municipalities found themselves scrambling to figure out how to decrypt their own data, or whether or not they should pay the ransom. And as bad as things got, these victims still had one thing going for them. While they couldn’t get to their data, nobody else could either, so at least it was safe from widespread public disclosure. Not anymore.
According to Bleeping Computer, there has now been a series of three different ransomware attacks, Sodinokibi, Maze, and now the latest one, Nemty, which plan to leak data if the ransom isn’t paid. And if you don’t think these hackers are serious, “the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time.” The victim? “Artech Information Systems, who describe themselves as a minority- and women-owned diversity supplier and one of the largest IT staffing companies in the U.S.”
Do these attackers release all the data at once. Not a chance. They always keep some for leverage. For instance, “After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a payment is not made.”
This new ransomware attack method puts victims at double risk if they try and keep the attacks quiet. “By trying to hide these attacks, and the theft of employee, company, and customer data, companies are not only risking fines and lawsuits but are also putting personal data at risk.”
The really bad news? “This practice of using stolen data as leverage is not going to go away and is only going to get worse. Expect to see more ransomware operators began to utilize this practice as it becomes the norm in attacks.”
Has there ever been a better reason to invest in phishing protection software? No matter what a company pays for email security, it will have a large return on investment (ROI) when compared to the alternative. The crazy thing is, phishing protection software doesn’t even cost that much. Only pennies per month per employee. Do you think the folks at Artech Information Systems or Allied Universal wish they had made that investment?
Don’t wait to discover how awful this new generation of ransomware attacks is, Make the small investment in Phish Protection with Advanced Threat Defense. It comes with real-time link click protection, malicious attachment blocking and sets up in 10 minutes. It requires no hardware, no software, no maintenance and works with all major email providers. Now is the time. Request a demo right here.