Data theft and extortion have become a common – and unfortunately effective – part of ransomware attacks, in which gangs not only encrypt data and demand a ransom for the decryption key, but also steal information and threaten to publish it if payment is not received.
These so-called double extortion attacks have become an effective tool in the arsenal of ransomware gangs, which they use to force victims to pay, even in cases where data can be recovered from offline backups, because the threat of publishing sensitive information is too great.
Any stolen data may be useful to ransomware gangs, but according to analysis by researchers at cybersecurity firm Rapid7 of the 161 reported ransomware incidents where data was published, some data is considered more valuable than others.
According to the report, the industry most likely to have customer data exposed is financial services, with 82% of incidents involving ransomware gangs accessing this data and making threats to disclose it. Stealing and publishing sensitive customer information would undermine consumer trust in financial services companies: while getting hacked would be harmful enough in the first place, some business leaders may find it worth paying a ransom to prevent further damage from data breaches.
The second most leaked file type in ransomware attacks against financial services companies, which appears in 59% of victim disclosures, is personally identifiable information (PII) of employees and human resources data.
By targeting this information, the attackers can undermine employees’ trust in their employers, especially if they believe their personal information has been published and is accessible to cybercriminals, who could use it for fraud and other cybercrime.
Another sector often targeted by ransomware gangs is healthcare and pharmaceuticals.
Here, internal financial and accounting data is the data most frequently exposed in ransomware attacks on healthcare, occurring in 71% of the investigated incidents. Customer and patient information is also often exposed in ransomware attacks – the researchers suggest that this happens in 58% of incidents.
Health data is extremely personal and something most people don’t want to see online. Criminals know this and use it to pressure caregivers into paying a ransom.
The combination of the sensitive nature of this information, plus the fact that hospitals and health services are vital and need to be operational, means that healthcare remains a common target for ransomware attacks.
Ransomware continues to pose a threat to organizations of all kinds, and while, as researchers suggest, “there is no panacea for the ransomware problem,” there are steps organizations can take to mitigate the threat.
According to Rapid7, these steps include backing up data regularly and storing the backups offline, encrypting sensitive information, and applying network segmentation so that intruders cannot easily move around the network.
Protections such as using multi-factor authentication across the network and the ability to spot possible suspicious activity before damage is done can also help protect organizations from ransomware and other cyberattacks.