Companies attacked by ransomware often face a dual threat: even if they avoid paying the ransom and are able to recover everything from scratch, about half the time the attackers also threaten to reveal stolen sensitive data unless the victim pays for a promise that the data will be deleted. Setting aside the notion that victims can have any real expectation that attackers will actually destroy stolen data, new research shows that a large number of victims see some or all of the stolen data published.
The findings are in a report today from Coveware, a company that specializes in helping vendors recover from ransomware attacks. Coveware says nearly half of today’s ransomware cases include the threat of releasing exfiltrated data.
“In the past, when ransomware victims had a full backup, they would just restore and move on with their lives; there was no reason to engage with the threat,” the report commented. “Now, when a threat agent steals data, a company with perfectly recoverable backups usually has to at least engage with the threat agent to determine what data was taken.”
Coveware said it has seen plenty of evidence of victims seeing some or all of their stolen data released after paying to have it deleted; in other cases, data is released online before the victim even has a chance to negotiate a data deletion agreement.
The report went on to say: “Unlike negotiating to get the decryption key, negotiating to prevent the release of stolen data has no finite end. Once the victim receives the decryption key, it cannot be taken away and it won’t degrade over time. With the data stolen, the threat agent can return for a second payment at any time in the future. The track records are too short and evidence that selective defaults occur is being collected.”
The company said it advises customers never to pay a ransom for data deletion, but instead to ask an authorized security attorney to investigate whether the data was stolen and to notify any affected customers, on the advice of consulting attorneys and under applicable data breach notification laws.
Ransomware victims often give in to ransom demands tied to the release of data when they are trying to keep the public from knowing about the breach, said Fabian Wosar, chief technology officer at computer security firm Emsisoft.
“The bottom line is, ransomware is a business of hope,” Wosar said. “The company doesn’t want the data dumped. So they pay for it hoping the threat agent erases the data. Technically, it doesn’t matter whether they delete the data or not from a legal standpoint. The data was lost at the time it was retrieved.”
Victims who pay for a digital key to unlock their malware-encrypted servers and desktop systems are also relying on hope, Wosar said, because it’s not uncommon for the decryption key to fail to unlock some or all of the infected machines.
“When you look at a lot of ransom notes, you can actually see teams that deal with this very directly and have texts saying things along the lines of, ‘Well, now you’re damned. But if you pay us, things can go back to before we caught you.’”
Tags: Coveware, Emsisoft, Fabian Wosar, ransomware
This entry was posted on Wednesday, November 4th, 2020 at 2:32 pm and submitted under A Little Sunshine, Ransomware.