The process of cybercriminal extortion always follows the same pattern. A system is infected, and the users are left completely incapacitated because they can no longer access their data. The cybercriminal group behind the attack then comes forward and offers a decryption key, at a price: a ransom is extorted from the affected company so that it can access all its data again. If the ransom is paid, the key is usually handed over.
This has been going on for several years. But something has changed. Previously, the data was encrypted by the ransomware used. This step is now skipped. Instead, the data is ‘just’ stolen.
What does data theft mean for companies?
Resourceful companies rely on a well-thought-out recovery plan: they perform regular backups and use other data protection measures so that they don’t have to pay in the event of an attack – after all, they can simply restore their data.
Cybercriminal groups aren’t putting up with that. They are now threatening to publish the stolen sensitive information, which can lead to enormous damage to the image and trust of the affected companies. In short, it is just as effective for cyber gangs to charge a fee for not disclosing all the stolen data. This shift in approach has been evident for the past few months.
Conti, Karakurt and Co.
The Conti gang was one of the largest and most influential cybercrime enterprises in the world. It attracted attention last fall with numerous ransomware attacks, including on German companies. Now the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are warning of a lesser-known extortion gang called Karakurt, which is demanding ransoms of up to $13 million. Karakurt does not target specific sectors or industries with its attacks.
The stolen data is not encrypted. Instead, a ransom is demanded for not publishing the sensitive information. Screenshots of the stolen data are sent to the affected companies as proof.
Companies must take precautions!
In most cases, the victims of data theft are not private individuals but companies – after all, there is a greater chance of receiving a high ransom here. This means that companies must take action. After all, the attacks can be avoided.
In fact, most attacks succeed because the relevant company systems were not patched in time. So regular security updates are a must. And not only that: the workforce must also be sensitized to the lurking ransomware danger, for example through Security Awareness Training such as that provided by IT-Seal.
Reset your focus. Invest in prevention to avoid successful hacker attacks and extortion incidents! Contact us and get more info and successful solution strategies.