Ransomware Plus Exfiltration: Encrypt Your Data Before Someone Else Does
As if ransomware attacks weren’t already a big enough problem—infecting millions of computers and draining billions of dollars every year—a new development has made the threat an even greater concern. Starting in late 2019, a hybrid variety of cyber attack has emerged, in which traditional ransomware tactics are combined with data exfiltration. Attackers notify their victims that if they fail to pay the ransom demand, not only will data on the infected systems remain encrypted, but the attackers will expose highly sensitive data to the public as well.
Redefining ransomware

Though it’s been a problem for years, ransomware was—until now—at least a problem that organizations could deal with internally. The goal for attackers was simply to infect and encrypt as many systems as possible, and the more complex task of stealing data wasn’t part of the scheme. But like other cyber threats, ransomware has evolved, and attackers have begun to exfiltrate sensitive files before encrypting and shutting down the systems they infect.
This new twist on an already-serious threat began to make headlines in the fall of 2019, under names including Maze and DoppelPaymer. Security staffing firm Allied Universal saw 700MB of sensitive data exposed in November, and Visser Precision, a manufacturer for defense contractors and SpaceX, had nondisclosure agreements, missile antenna schematics, and other sensitive files exposed a few months later. Other large corporations and government offices have also reported attacks.
Dealing with the threat

Until now, the ransomware defense plan was fairly straightforward: patch your software, avoid phishing, detect malware, and keep everything backed up. In many cases, a well-prepared organization could hope to survive a successful attack without paying a ransom. But now that ransomware operators are beginning to exfiltrate data before encrypting it, the landscape has changed. The added threat of data exposure means that organizations need an additional layer of defense: company-controlled encryption for the data most likely to be targeted.

Attackers using the exfiltrate-and-ransom model are sophisticated enough to know which data will hurt their victims most. Rather than grabbing the first files they see, they seek out top-secret product designs, proprietary computer code, confidential HR files, and other data that a typical organization would do anything to keep from public view. But if those files are already encrypted, the attackers are denied the additional leverage they are trying to gain. All an attacker will accomplish by exposing the files is to demonstrate that the victimized company has proper data protection in place.

What if you pay?

There’s no universally accepted answer to the question of whether an organization should pay the ransom after a ransomware attack. Less-sophisticated ransomware can often be defeated without a payment, and in many cases victims never recover their data even after paying.
In other cases, however, companies quietly pay the ransom and regain access to their data, hoping to minimize the damage to their operations and reputation. Here again, old strategies may not be enough to address the new reality. Ransomware operators often make the argument that they can be trusted to provide decryption keys once they receive payment, because their “business model” depends on it—if word gets out that they don’t follow through on their end of the deal, the next victim will have no incentive to pay. But even if an attacker provides decryption keys upon payment, how can they prove that they’ve followed through on a promise to delete the data they exfiltrated? And how could they ever be trusted to do it, when they could make an additional profit by selling the stolen data to someone else?

The only way to know that exfiltrated data is safe from misuse is to know that it was protected by strong, persistent encryption before it was exfiltrated. Encryption isn’t a complete answer—firewalls, antimalware, and more will continue to be necessary—but by locking down its highest-value data in advance, an organization can protect itself against the worst consequences of this emerging threat.

For those of you who have experienced the worst of ransomware attacks in the form of WannaCry and Petya and believe that the worst is over: you never know what may await you on the other side of this New Year. While the recent threat analysis reports by Quick Heal Security Labs suggest a significant decline in ransomware attacks, it cannot be considered dead yet. In fact, the reason for this significant decline in ransomware attacks can instead be attributed to the substantial growth in cryptojacking, or cryptocurrency mining malware.
One such prominent malware and threat distributor of 2018 was Emotet, a highly sophisticated cryptocurrency mining and banking Trojan.

The price of digital currencies has grown exponentially over the past couple of years, which is one major reason for cybercriminals to dramatically shift their attention to cryptojacking. Besides, it is less risky and a comparatively simpler and more secretive means of mining illicit money, at least until the infection is discovered. Given this simplicity, malware authors are increasingly replacing ransomware with cryptojacking to mine easy targets like Monero (an open-source cryptocurrency) via malvertising, spear phishing, etc. After all, what hacker would want to resist the steady flow of income that a stealthy malware like cryptojacking can ensure? Hence its boosted popularity.
Does that simply mean ransomware is no longer an option? Maybe not. With the evolving threat landscape, even ransomware is metamorphosing into new variants of attack, like the recently observed RDP brute-force attack, which is basically a kind of ransomware attack that makes use of RDP. Attackers simply scan a list of IPs to find the default RDP port and launch a brute-force attack, which is basically a trial-and-error technique of guessing the user name and password. Once attackers gain access, they can easily bypass the system’s antivirus and infect the system.

Not to forget GandCrab ransomware, one of the most widespread cryptoviruses, found to have infected over 50,000 nodes. While this cryptovirus has been in the wild since January, it has only kept evolving ever since.

Thus, even though ransomware may seem to have become dormant, its much more advanced variants still pose a significant threat, and it could just be too early to belittle the potency of ransomware any time soon.
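The RDP brute-force pattern described above is easiest to catch on the defending side from failed-logon telemetry, before the "once attackers gain access" step. The following Go program is an added example, not code from the article or from Quick Heal. It reads a constructed, simplified export of Windows Security log rows (RFC3339 timestamp, event ID, logon type, account, source address; the assumption is that an export step has flattened the real event fields into this shape), counts failed RDP logons (event 4625 with logon type 10) per source inside a sliding window, and raises a second, higher-severity alert when a successful RDP logon (event 4624) later arrives from a source that was already flagged. The threshold, window, account names and addresses are constructed values.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
	"time"
)

// Event is one row of a constructed, simplified export of the Windows Security
// log: RFC3339 timestamp, event ID, logon type, account name, source address.
type Event struct {
	At        time.Time
	ID        int
	LogonType int
	User      string
	Src       string
}

// Alert is what the detector emits for a source address.
type Alert struct {
	Src   string
	Kind  string // "bruteforce" or "success-after-bruteforce"
	At    time.Time
	Count int // failed logons from Src inside the window at alert time
}

// SampleLog is constructed data: one external address (TEST-NET-3 range) guesses
// several accounts over RDP and then gets in; an internal user mistypes a
// password once and then logs in normally.
var SampleLog = []string{
	"2024-03-01T02:00:00Z,4625,10,administrator,203.0.113.7",
	"2024-03-01T02:00:11Z,4625,10,admin,203.0.113.7",
	"2024-03-01T02:00:20Z,4625,10,backup,203.0.113.7",
	"2024-03-01T02:00:31Z,4625,10,sqlsvc,203.0.113.7",
	"2024-03-01T02:00:45Z,4625,10,scanner,203.0.113.7",
	"2024-03-01T02:01:02Z,4625,10,jsmith,203.0.113.7",
	"2024-03-01T02:03:40Z,4624,10,jsmith,203.0.113.7",
	"2024-03-01T08:15:00Z,4625,10,mlee,10.0.0.5",
	"2024-03-01T08:15:20Z,4624,10,mlee,10.0.0.5",
}

func parseEvent(line string) (Event, error) {
	f := strings.Split(strings.TrimSpace(line), ",")
	if len(f) != 5 {
		return Event{}, fmt.Errorf("malformed row: %q", line)
	}
	at, err := time.Parse(time.RFC3339, f[0])
	if err != nil {
		return Event{}, err
	}
	id, err1 := strconv.Atoi(f[1])
	lt, err2 := strconv.Atoi(f[2])
	if err1 != nil || err2 != nil {
		return Event{}, fmt.Errorf("bad numeric field in row: %q", line)
	}
	return Event{At: at, ID: id, LogonType: lt, User: f[3], Src: f[4]}, nil
}

// Detect flags a source once it produces at least threshold failed RDP logons
// (event 4625, logon type 10 = RemoteInteractive) inside a sliding window, and
// flags it again, at higher severity, if a successful RDP logon (4624) later
// arrives from that source.
func Detect(lines []string, threshold int, window time.Duration) ([]Alert, error) {
	var events []Event
	for _, l := range lines {
		if strings.TrimSpace(l) == "" {
			continue
		}
		e, err := parseEvent(l)
		if err != nil {
			return nil, err
		}
		if e.LogonType == 10 { // only remote-interactive (RDP) logons matter here
			events = append(events, e)
		}
	}
	sort.SliceStable(events, func(i, j int) bool { return events[i].At.Before(events[j].At) })

	fails := map[string][]time.Time{} // recent failure times per source
	flagged := map[string]bool{}
	var alerts []Alert
	for _, e := range events {
		switch e.ID {
		case 4625:
			q := append(fails[e.Src], e.At)
			cut := 0
			for cut < len(q) && e.At.Sub(q[cut]) > window {
				cut++ // expire failures older than the window
			}
			q = q[cut:]
			fails[e.Src] = q
			if len(q) >= threshold && !flagged[e.Src] {
				flagged[e.Src] = true
				alerts = append(alerts, Alert{Src: e.Src, Kind: "bruteforce", At: e.At, Count: len(q)})
			}
		case 4624:
			if flagged[e.Src] {
				alerts = append(alerts, Alert{Src: e.Src, Kind: "success-after-bruteforce", At: e.At, Count: len(fails[e.Src])})
			}
		}
	}
	return alerts, nil
}

func main() {
	alerts, err := Detect(SampleLog, 5, 5*time.Minute)
	if err != nil {
		panic(err)
	}
	for _, a := range alerts {
		fmt.Printf("%s %-24s src=%s failures=%d\n", a.At.Format(time.RFC3339), a.Kind, a.Src, a.Count)
	}
}
```

With a threshold of 5 failures in 5 minutes, the sample produces two alerts for 203.0.113.7 and none for the internal user, whose single mistyped password never reaches the threshold. The second alert kind is the one worth paging on: a successful logon from an address that was guessing passwords minutes earlier is the moment the host should be isolated and its session and any newly created processes examined.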
It’s time to take a hard look at the key areas of protection and make sure you are covered. Good strategies around endpoint, gateway, mail, and staff security training should be reviewed quarterly. The next good step should be data encryption. Encrypting as much of your data as possible makes it useless if it does get exfiltrated. Many organizations have signed on to full disk encryption, but this does nothing for data on servers and actively used workstations, since a running system has already unlocked the disk. The next area to investigate, if you are using folder encryption, is how you handle files that don’t make it to the encrypted areas, or cases where copies of a file exist both encrypted and unencrypted. Encryption everywhere solves this problem and might be easier to implement than you think.

The bottom line is that improving your security posture takes time and budget. We can help you prioritize your needs based on your security risk profile. We can also help you make the case to non-technical management in ways that make business sense. You may need to send an email to peeptraque@gmail.com to get the Peeptraque Data Exfiltration Prevention Software.
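The company-controlled encryption layer described under "Dealing with the threat" and the coverage gap raised in the paragraph above (files that never reach an encrypted folder, or that exist as both an encrypted and a plaintext copy) can be demonstrated together. The following Go program is an added example and is not code from the article or from any product it mentions. It seals a file's contents with AES-256-GCM under a key that stays with the organization (generated in memory here; the assumption is that in production it would be fetched from a KMS or HSM and never stored beside the data), prefixes a fixed header so that protected files can be recognised without the key, and then audits a directory tree by content rather than by file name, reporting every sensitive-looking file that is still plaintext. The header string, extension list and sample contents are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// magic is a constructed header marking files sealed by this hypothetical
// in-house scheme, so an audit can tell protected copies from plaintext
// without holding the key. It is bound into the GCM tag as additional data.
var magic = []byte("CORPENC1")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext with AES-256-GCM. Output layout: magic || nonce || ciphertext+tag.
// A fresh random nonce per file keeps identical documents from producing identical blobs.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append([]byte{}, magic...)
	out = append(out, nonce...)
	return append(out, gcm.Seal(nil, nonce, plaintext, magic)...), nil
}

// Decrypt reverses Encrypt; any modification of header, nonce or body fails authentication.
func Decrypt(key, blob []byte) ([]byte, error) {
	if !IsEncrypted(blob) {
		return nil, errors.New("not a sealed file")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	rest := blob[len(magic):]
	if len(rest) < gcm.NonceSize() {
		return nil, errors.New("truncated sealed file")
	}
	return gcm.Open(nil, rest[:gcm.NonceSize()], rest[gcm.NonceSize():], magic)
}

// IsEncrypted reports whether file contents carry the scheme's header.
func IsEncrypted(blob []byte) bool { return bytes.HasPrefix(blob, magic) }

// AuditPlaintext walks root and returns every file whose extension is in exts
// but whose contents are not sealed: the stray or duplicate copies the text
// warns about, which are exactly what an exfiltrating attacker would take.
func AuditPlaintext(root string, exts []string) ([]string, error) {
	var exposed []string
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || d.IsDir() {
			return walkErr
		}
		ext := strings.ToLower(filepath.Ext(p))
		sensitive := false
		for _, e := range exts {
			if ext == e {
				sensitive = true
			}
		}
		if !sensitive {
			return nil
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		if !IsEncrypted(data) {
			exposed = append(exposed, p)
		}
		return nil
	})
	return exposed, err
}

func main() {
	key := make([]byte, 32) // assumed to come from a company-controlled KMS/HSM in practice
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	blob, err := Encrypt(key, []byte("confidential product design (constructed sample)"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed %d bytes, recognisable header: %v\n", len(blob), IsEncrypted(blob))
	plain, err := Decrypt(key, blob)
	fmt.Printf("unsealed: %q err=%v\n", plain, err)
}
```

Auditing by content rather than by name is the design choice that matters here: a sealed `design.pdf` and a plaintext `design-copy.pdf` look identical to a name-based check, but only the latter shows up in the audit. Running the audit on a schedule over file servers and user profile directories gives a measurable answer to the question the paragraph above asks about files that never reach an encrypted area.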