Another Day, Another Ransom
I can’t wait for the day I stop talking about ransomware. Unfortunately, it’s not going to be anytime in the near future. There are many different variations in the victims’ profiles and the type of institutions targeted; it’s very hard to predict what we’ll see next. But no matter how diverse the problem, the same “solutions” are provided by subject matter experts. These often involve the question of whether one should pay the ransom or not.
Let’s go back about three years, to when the WannaCry ransomware was wreaking havoc on large corporations like FedEx. A relatively unknown hacking group known as Dark Overlord (who eventually became really well known) was targeting small medical clinics around the United States with ransomware. It was the typical scenario: the hackers froze the clinics’ records, then demanded payment in bitcoin to return access.
This time there was a little twist.
If the hackers did not receive payment, they would release the medical records on the dark web, where other cybercriminals would exploit them.
As an FBI Agent who handled cybercrime for decades, I’ve become all too familiar with these types of cases. This was standard modus operandi for the bad guys: making a veiled threat in an attempt to pressure the victim into making the ransom payment. When the victim called their bluff and did not pay the ransom, the cybercriminals released the data onto the dark web.
However, there was one thing that jumped out at me in this situation that the media failed to cover.
If cybercriminals can install ransomware on a computer network, then they have the ability to steal your information. Since this specific incident, I’ve brought it up during countless presentations and briefings. I always ask the audience if they consider ransomware a data breach, and most often the response is no. This is incorrect.
There was a story in the media the other day that the cybercriminals behind the Sodinokibi ransomware released files stolen from one of their victims because the ransom was not paid in time. The victim was a large IT staffing company, and approximately 337 MB of sensitive stolen information was posted on a Russian hacker and malware forum.
In the world of information security, the term CIA Triad is used often.
The three terms that make up the CIA Triad are:
- Confidentiality: Preventing the theft of data
- Integrity: Preventing unauthorized changes of data
- Availability: Preventing the loss of users’ access to their data
Ransomware is considered an availability issue, and in many cases it has been drilled into organizations that an iron-clad data backup protocol is a critical step.
Let us remember that backing up your data does nothing to protect its confidentiality; anyone can still steal the information and hold it for ransom.
I believe we are going to see an uptick in these types of attacks. Just you wait and see. Before you run out to get the latest product or hire a consultant, check out what the FBI was telling companies to do almost three years ago. Until then, as you plan your strategy going forward, remember: if the cybercriminals can impact your network with ransomware, then they have the ability to steal your data! Stay cyber-safe!