As if holding your data hostage for large sums of money wasn’t bad enough, cybercriminals are now starting to publish data stolen from those victims who don’t pay up after ransomware attacks.
According to internet security journalist Brian Krebs, several well-known hacker groups have signaled that they plan to start publishing the kidnapped data on public websites. That will identify their victims that have chosen to rebuild rather than submit to the ransom demand.
Earlier this week, hackers behind the Maze Ransomware strain started a public website that lists the company names and websites for eight victims that declined to pay.
According to Krebs, that information includes the date of infection, Microsoft Office, text and PDF files, the total volume of files stolen, IP addresses and machine names of infected servers.
Krebs cited Lawrence Abrams, founder of security blog BleepingComputer.com, who said ransomware attacks now need to be treated like data breaches. That can have huge implications for your business, especially if the status quo is to try to keep ransomware attacks quiet.
“Even though this should be considered a data breach, many ransomware victims simply swept it under the rug in the hopes that nobody would ever find out,” Abrams said. “Now that ransomware operators are releasing victim’s data, this will need to change and companies will have to treat these attacks like data breaches.”
According to Krebs, this shift in how ransomware attackers operate can add on to the problems companies already face for failing to report data breaches, especially for U.S. healthcare providers who are legally required to report incidents to the federal government.
“While these victims may be able to avoid reporting ransomware incidents if they can show forensic evidence demonstrating that patient data was never taken or accessed, sites like the one that Maze Ransomware has now erected could soon dramatically complicate these incidents,” Krebs wrote.
Data should always be backed up and stored on a separate device so hackers aren’t able to hold that ransom as well, but there are several things you can do to prevent ransomware attacks in the first place.
What to do to prevent ransomware attacks:
- Update your computer. Vulnerable applications and operating systems are the target of most ransomware attacks, so you should make sure you and your employees are equipped with the latest versions of your company’s operating systems.
- Tread lightly when you click. Pay attention to the domain on links, especially when they’re emailed to you. Malicious websites will look almost identical to one’s your familiar with but may be slightly misspelled or use a different domain from the legitimate site. The same goes for opening email attachments, especially when they’re compressed files or ZIP files.
- Speaking of emails, verify the email is legitimate by reaching out to sender directly via a previous legitimate email from the same sender.
- This goes without saying, but you should be equipped with the latest antivirus software, firewall and email filters.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!