Ransomware gangs leaking sensitive financial information to extort organizations

Attackers will threaten to leak confidential information that could affect a company's stock price in order to pressure the victim into paying the ransom, says the FBI.


Ransomware operators will stoop to any tactic necessary to try to force their victims to give in to the ransom demands. One common tactic is double extortion, in which the attackers threaten to publish the stolen data unless the ransom is paid. Now some criminal gangs have devised a twist on that type of ploy. In a new report published Monday, the FBI warns of attacks in which ransomware groups threaten to leak sensitive information that could affect a company's stock price if the ransom goes unpaid.


Before launching an actual attack, ransomware operators research the intended victim to find public and nonpublic information they can leverage. Such information could include details about impending mergers or acquisitions and other sensitive business or financial activities.

Unless the ransom is paid following the attack, the criminals threaten to leak this information publicly, thereby affecting the stock price or creating a backlash among investors.

“It’s not unusual for attackers to know how much cash you have available, how much insurance you carry and even if you are involved in a merger or acquisition, as they review financial documents prior to unleashing the encryption malware,” said KnowBe4 Security Awareness Advocate Erich Kron. “In some cases, these groups will wait until a holiday weekend when staffing is likely to be slim and response times are slowed by people leaving town or being unavailable.”


In its report, the FBI described a few actual ransomware incidents in which the attackers used or threatened to use this tactic.

In 2020, a ransomware operator posted a note on a Russian hacking forum urging hackers to use the NASDAQ stock exchange to extort public companies. A few months later, a ransomware attacker negotiating with a victim sent them the following warning: “We have also noticed that you have stocks. If you will not engage us for negotiation we will leak your data to the nasdaq and we will see what's gonna (sic) happen with your stocks.”

Also in 2020, at least three public companies in the U.S. involved in mergers and acquisitions were hit by ransomware attacks while conducting talks to hammer out the details. For two of those companies, the talks were private.

In November 2020, an analysis of a remote access trojan dubbed Pyxie RAT, which often precedes a ransomware attack, found several keywords in a search of a victim's network. Those terms included 10-q1, 10-sb2, n-csr3, nasdaq, marketwired, and newswire.
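The keyword list above is the kind of pre-encryption reconnaissance a defender can hunt for. The following is an added example, not code from the article or the FBI report: it parses a constructed file-search audit log and flags any single process that queried several distinct financial-filing terms, so that a finance user opening one 10-Q does not trip the rule while a tool sweeping the network for filings does. It assumes a made-up log format and that the trailing digits in the page's list (10-q1, 10-sb2, n-csr3) are footnote markers for the SEC forms 10-Q, 10-SB and N-CSR.

```python
import re
from collections import defaultdict

# Assumption: the digits in the page's "10-q1, 10-sb2, n-csr3" are report
# footnotes; the terms searched for are the SEC form names plus the newswire names.
FILING_TERMS = ("10-q", "10-sb", "n-csr", "nasdaq", "marketwired", "newswire")

# Constructed sample audit log (hypothetical format): "timestamp host pid process search:<query>".
SAMPLE_LOG = """\
2020-11-03T09:12:01 fin-ws07 4412 explorer.exe search:Q3 budget.xlsx
2020-11-03T09:15:44 fin-ws07 5120 svchost.exe search:10-q
2020-11-03T09:15:45 fin-ws07 5120 svchost.exe search:n-csr
2020-11-03T09:15:47 fin-ws07 5120 svchost.exe search:nasdaq
2020-11-03T09:15:49 fin-ws07 5120 svchost.exe search:marketwired
2020-11-03T10:02:10 hr-ws02 2200 outlook.exe search:newswire digest
2020-11-03T10:40:03 dc01 9001 powershell.exe search:10-sb
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) search:(.*)$")


def parse_event(line):
    """Split one log line into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, pid, proc, query = m.groups()
    return {"ts": ts, "host": host, "pid": int(pid), "proc": proc, "query": query.lower()}


def find_filing_recon(log_text, min_distinct=3):
    """Group keyword hits by (host, pid, process) and return only the processes that
    searched for at least min_distinct different filing-related terms."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        for term in FILING_TERMS:
            if term in ev["query"]:
                hits[(ev["host"], ev["pid"], ev["proc"])].add(term)
    return {key: sorted(terms) for key, terms in hits.items() if len(terms) >= min_distinct}


if __name__ == "__main__":
    for (host, pid, proc), terms in find_filing_recon(SAMPLE_LOG).items():
        print(f"{host} pid={pid} {proc} searched for {len(terms)} filing terms: {terms}")
```

With the default threshold only the svchost.exe process on fin-ws07 is reported; the single-term hits from outlook.exe and powershell.exe are left for lower-severity review.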

In April 2021, Darkside ransomware operators posted an update on their blog site describing a tactic designed to hurt a company's stock price. The post stated: “Now our team and partners encrypt many companies that are trading on NASDAQ and other stock exchanges. If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares. Write to us in ‘Contact Us’ and we will provide you with detailed information.”


Whether to pay the ransom is a difficult decision that every victimized organization must make. In its report, the FBI reiterated that it does not recommend paying the ransom, as doing so encourages these types of criminals and does not guarantee that the encrypted files will be decrypted. Whatever decision an organization makes, however, the FBI still encourages victims to report any incident to law enforcement.

Further, to protect your organization from ransomware attacks in the first place, the FBI offers the following tips:

  • Back up your critical data and keep the backups offline.
  • Ensure that backup copies of your critical data are stored in the cloud or on an external device.
  • Make sure your backups are secure and that the data cannot be modified or deleted from the system holding the original data.
  • Install and update antivirus and anti-malware software on all systems and hosts.
  • Only use secure networks and avoid public and unsecured Wi-Fi networks.
  • Set up two-factor authentication for all account credentials. Also, use authenticator apps rather than email verification to thwart attackers who compromise email accounts.
  • Never click on unsolicited or unexpected attachments or links in emails.
  • Enable least privilege access for files, directories and network shares.

“Organizations, especially those entering sensitive times such as those around a merger or acquisition, are wise to focus on stopping these attacks by dealing with the most common attack vectors for ransomware, phishing emails and remote access portals,” Kron said. “Training users and testing them with simulated phishing attacks, allowing them to become more adept at spotting and reporting these attacks, is a key way to lower the risk of infection, as is ensuring remote access portals are monitored for brute force attacks, and requiring multi-factor authentication for any user logins.”
