As I have been saying for a while, hackers are good at evolving.
As we see more and more ransomware attacks, a lot of the people are opting not to pay the ransom and instead deal with reconstructing their infrastructure and losing data (like police losing digital evidence and having to let crooks go).
So the hackers are in the process of evolving.
The City of Johannesburg, South Africa was hit with a ransomware attack and the attacker said that if they didn’t pay the ransom, the hackers would sell/publish the data. We are beginning to see more of this.
The city didn’t pay and we don’t know if the hackers sold the data. It is possible that it was a bluff and they didn’t have the data. Only time will tell.
But from a hacker’s standpoint, that is likely the next evolution of ransomware and they have given it a name – LEAKWARE.
The premise is that good backups don’t help. Disaster recovery plans don’t help. Business continuity plans do not make a difference.
If I was a hacker and was contemplating a Leakware attack, I would go after high value targets. Examples include banks, mortgage companies, big pharma and law firms. Also anyone with a lot of personal data like HR departments, sensitive data, financial data or intellectual property. Especially service providers (law firms, accounting firms, contract HR and similar companies fit into this category). These are companies that might go out of business if their customer’s data was published, hence they are very likely to pay a Leakware ransom.
The only solution to this is to do your best to protect your infrastructure. There are a number of ways to do this – better employee training, logging with 24×7 alerting, segmentation and many others. It takes work. It costs money, but maybe not a fortune. What it takes is making protecting your network a priority.
Source: Government Computer News