Ransomware is More About Extortion, Less About Encryption

When we think of ransomware attacks, we usually think of hackers denying an organization access to its own data until it pays a ransom. In 2020, we saw a new trend emerge, beginning with the Maze ransomware group: hackers didn’t just encrypt data, they also stole portions of it and threatened to release it publicly if payment wasn’t made. It seems that backups alone will no longer be enough to save your organization from a ransomware attack.

Wired magazine predicts that in 2021 we will see an increasing shift away from a “spray and pray” approach to ransomware attacks toward one known as “big-game hunting.” As we saw in 2020 with attacks on Garmin and Canon, hackers will continue to target large organizations with a greater ability to pay large sums to keep their data.

In addition, hackers are finding new ways to terrorize C-level executives of organizations. A recent ZDNet article mentions an emerging trend of “stealing data from workstations used by top executives and managers in order to obtain ‘juicy’ information that they can later use to pressure and extort a company’s top brass into approving large ransom payouts.” ZDNet claims it first learned of this from a phone call with a company that made a large payment to the Clop ransomware gang. “Similar calls with other Clop victims and email interviews with cybersecurity firms later confirmed that this wasn’t just a one-time fluke, but instead a technique that the Clop gang had fine-tuned across the past few months.”

This new tactic looks for “personally damaging” information on executive computers, in the hope of finding enough embarrassing material to force an executive to authorize a ransom payment. In some cases, the hackers may not even have any damaging information, but are hoping that the victims fall for the scam. Bill Siegel, CEO and co-founder of security firm Coveware, told ZDNet, “They [the ransomware groups] make all sorts of threats about what they may or may not have. We have never encountered a case where stolen data actually showed evidence of corporate or personal malfeasance. For the most part, it is just a scare tactic to increase the likelihood of payment. Let’s remember these are criminal extortionists. They will say or claim all sorts of fantastical things if it makes them money.”

Expect 2021 to continue to be an absolute boom for ransomware: it isn’t going to go away anytime soon. Ransomware works well for these hacker organizations because businesses keep paying. So, what can you do to reduce the impact on your business? Engage with a trusted MSSP to help you build your cyber security plan. An MSSP like Uzado can put the right tools in place to protect your network environment, as well as consult on cyber awareness for your staff and on table-top exercises that help you respond to an event.