Turning a ransomware attack into a data breach if the ransom isn’t paid, a tactic being called an exfiltration+encryption attack, can be damaging on multiple levels. In the first half of this year, 11 percent of ransomware attacks adopted this tactic.
ID Ransomware, a website and free tool that allows ransomware victims to upload a ransom note or sample encrypted file to identify the ransomware used against them, had over 100,000 submissions between January 1 and June 30, 2020. Over 11.6 percent of those submissions were related to groups that steal data. Legal, healthcare and financial sector organizations have been some of the most frequently targeted, as these organizations are among the most likely to pay a ransom to avoid public exposure of breached data.
These exfiltration+encryption attacks are damaging for organizations because they may be dealing with both a ransomware attack and a data breach bundled into one event. Ransomware attacks are associated with business interruption and recovery costs, while data breaches can lead to regulatory fines, brand or reputational damage, and loss of competitive information or intellectual property.
Even if a victim organization pays up to avoid the stolen data being sold or leaked, this doesn’t guarantee the hackers won’t sell it anyway, or just use it themselves. Is there honor among thieves? Even if so, paying the ransomware attackers may prevent the stolen data from being released or sold, but it will not prevent the hackers or fraud ring from using it directly for spear phishing and business email compromise (BEC) attacks.