Thursday, January 30, 2020

More Ransomware Perpetrators Release Stolen Data to Force Payments


A couple of weeks ago, I made a post regarding how some Ransomware hackers were threatening to release stolen data as a way to compound victims' fears and force them to pay.  Many organizations and law enforcement agencies were arguing *against* paying ransom, as that simply encouraged more attacks.  Also, victims who had good backups could simply reformat their hard drives and install those good backups instead of paying.

To combat both of those strategies, Ransomware criminals began to first copy and steal data from victims prior to encrypting the victim’s drives.  The Ransomware proves that the system was compromised and the criminals then threaten to release all the stolen data so that it can be found and viewed by anyone with an Internet connection.

Website Ars Technica has been following this situation closely and is reporting that a criminal group, The Maze Ransomware Ring, has begun publicly posting breached data on the Internet.

At the latest count, around 25 different victims are being listed on The Maze website with small glimpses of the data that was stolen.

The idea of course is to force payment.  As I am typing this, I’m currently unaware of any reliable solution to this problem short of not having it happen in the first place.  Of course the problem here is that, like my grandfather used to say, “locks keep honest people honest”.  Most vulnerabilities are only discovered *after* someone exploits them and they are patched accordingly.  The best advice I can give here is to patch your systems as soon as updates are released and to have you and your employees be aware of social engineering tactics that can be used to gain access to your data.

1 comment:

  1. I think people are looking at this incorrectly. If a ransomware author has your patient data and is threatening to release it, you've already passed the goal posts of "have I been breached?" and "do I need to notify patients?".

    There's no point in paying the ransom at that point because you already have to notify. It's an empty threat.