The common ransomware attack pattern has traditionally involved threat actors holding access to data hostage in return for a ransom payment. There is now an uptrend in a second layer of extortion: increasingly, hackers are extracting large quantities of sensitive information (such as customer, financial and employee information) and threatening publication unless ransom demands are paid. To prove that they intend to execute on the threat, a small portion is leaked on the dark web. Some attackers have even opened their own sites to publish the stolen information.
This past November, Allied Universal, a security staffing company, refused to pay a ransom of $2.3mm in bitcoin. The attackers, who used “Maze” ransomware, threatened to use sensitive information extracted from Allied Universal’s systems, as well as stolen email and domain name certificates, for a spam campaign impersonating Allied Universal.
Maze’s latest victim this past week: Cognizant, one of the world’s largest providers of IT services. The type of ransomware has little to do with whether or not the attackers are using this tactic, although attackers adept at using tools like Maze will be better positioned to add this layer to their arsenal.
Sadly, hospitals are prime targets for ransomware attacks given the desperate need to keep them operating in the battle against COVID-19.
What can organizations do to protect themselves?
* Back up data, preferably using air-gapped or offline storage.
* Train employees; spam and phishing emails remain the most common vector for ransomware infections.
* Limit access to information to those requiring it to do their jobs.
* Keep protections up to date, including continuous vulnerability scanning and “Next Generation” anti-malware protection.
Tags: #Ransomware #CognizantRansomware