The latest ransomware attacks, including the Sams malware that targeted businesses in Australia, India and Brazil, are not just making the headlines for encrypting their victims’ data; they are also threatening to leak the private financial information of their victims to extort money from the companies themselves. Since businesses have become targets of such extortion attempts, security experts are warning organizations against paying the ransom and advising them instead to work with law enforcement agencies to identify and prosecute these cyber criminals before they strike again. Here’s what you need to know about this new threat vector.
What is a ransomware gang?
A ransomware gang is a group of individuals who use ransomware to extort money from organizations. These gangs typically target large organizations with large amounts of sensitive data. In order to extort the money, the ransomware gang will leak the organization’s sensitive financial information. This puts the organization in a difficult position, as it now has to choose between paying the ransom and dealing with the fallout from the leak. Furthermore, it has been observed that once one member of the gang leaks some information to make an example of an organization, other members may follow suit. So far, this type of attack seems to be largely targeting larger companies. However, smaller businesses and households could also be targeted if they lack cyber security protections such as backups and good antivirus software. All users are advised to install updates for their computer software regularly so that vulnerabilities can be patched before a hacker exploits them.
Types of sensitive data leaked
Ransomware gangs are increasingly turning to extortion by leaking sensitive financial information. The most common type of data leaked is payment card data, followed by personally identifiable information (PII) and account login credentials. In some cases, ransomware gangs have also leaked health records and trade secrets. The gang members responsible for the leak typically demand a ransom in Bitcoin or another cryptocurrency in exchange for not releasing the data publicly. If no ransom is paid, they will release the leaked data online. Additionally, other criminal groups may purchase this information on dark net markets and then use it to perpetrate fraud against an organization’s customers. As such, victims often report that they can’t distinguish whether their breach was due to a cyber attack or an insider theft.
How do they get the data?
These gangs typically gain access to an organization’s network through phishing emails or malware-infected websites. Once they’re in, they use malicious software to encrypt important files and demand a ransom from the organization in exchange for the decryption key. In some cases, the gangs will threaten to leak sensitive data if their ransom demands are not met. This type of extortion can be especially damaging to an organization because it not only results in financial loss, but also jeopardizes the safety and security of its customers or clients.
Examples of such attacks
According to a recent report, ransomware gangs are increasingly turning to extortion by leaking sensitive financial information in order to get organizations to pay up. This type of attack can be extremely damaging, not only because it can lead to the loss of sensitive data, but also because it can tarnish an organization’s reputation. Organizations that have been extorted this way have had their names released to the public, along with the fact that they were susceptible to extortion due to a lack of adequate cyber security measures. In some cases, entire networks were shut down until ransom demands were met.
Are there other approaches?
There are other approaches that ransomware gangs are taking to extort organizations. Some are resorting to physical threats and even doxxing their victims. In addition, some groups are now offering their services as ransomware-as-a-service, providing the tools and support needed for other criminals to launch attacks. It’s important for organizations to be aware of these evolving trends so they can better protect themselves. It’s imperative for companies to continue upgrading their cyber security infrastructure, educating employees on new attack vectors, following security best practices and keeping a strong backup plan in place. Continued investment in cyber security will only strengthen an organization’s defenses against cyber attacks.