Ransomware is one of the most immediate threats faced by organizations today. Data theft and extortion have become a regular but influential part of ransomware attacks. Cybercriminals steal sensitive information and threaten to publish it online if they do not meet the ransom demands, in addition encrypting data and demanding payment for the decryption key. Victims of ransomware attacks have three options following an attack: either pay the ransom, try to remove the ransomware, or wipe the system(s). Typically, victims are shown instructions on how to pay the ransom to get the decryption key. Depending on the victim, the costs can range anywhere from thousands to even millions of dollars, payable in untraceable cryptocurrency.
Cybercriminals have adopted the so-called double extortion attacks, leveraging them to force victims into making payments. Not only do they hold data hostage for money, but they also threaten to share the data online to extract more money from organizations. Any data stolen is a potential weapon for ransomware groups.
According to the cybersecurity researchers at Rapid7, of 161 disclosed ransomware incidents where data was published, some data was seen as more preferred than others. The analysis suggests Financial Service sector resulted in the most data publicly exposed with 82% of the data published pertaining to their customers. The second most-exposed type of file in ransomware attacks against financial services firms is human resources data and personally identifiable information (PII), featured in 59% of disclosures from victims.
Another sector that commonly finds itself in trouble is healthcare and pharmaceutical. In 71% of the examined incidents reported, accounting data and internal finances data were the most preferred as a result of a ransomware attack. Patient and customer data also appeared to be commonly exposed, accounting for 58% of the victims’ disclosure.
Health data is personal, and no one would want their health history readily available online. Cybercriminals know the pain points of victims and use this fear to pressure healthcare organizations and workers into paying the ransoms.
Also Read: How You Can Mitigate Damage and Recover from Ransomware Attacks: Microsoft
While there is no bullet-proof plan to mitigate ransomware attacks, organizations can adopt some security recommendations to prevent such attacks. Rapid7 suggests the following steps:
- Make regular and consistent backups and maintain either offsite or cloud backups
- Encrypt sensitive data
- Use multi-factor authentication across your network
- Prioritize highly sensitive, or restricted data for extra protection
Earlier this week, Microsoft revealed how its AI technology is used in fighting ransomware attacks. The tech giant designed the AI protections to trigger at the earlier stages of ransomware attacks when the malware begins to encrypt devices.
More on Cybersecurity:
For more information, visit https://blog.excellimatrix.com/ or follow us on Facebook & LinkedIn or Contact us at 406-646-2102 and get your questions answered.