RANSOMED FOR SURE!
Ransom, once a demand made for kidnapped people and now for data, is becoming more multi-dimensional by the day, well beyond what anyone could have imagined. The choice between paying and not paying has become more intriguing, complex, tedious and worrisome. It has gone beyond the loss of money, a cost-benefit analysis of losing the data, or the illegality of it. Ransomware gangs are putting their victims in a real spot.
The game changer is that the gangs have upped the ante, making their attacks cause multifarious damage to victim organisations. They have already started publishing data stolen from victims who refuse to pay the ransom. The cybercriminals behind Maze ransomware created a website in less than 48 hours that identifies recent victim companies that opted not to pay the ransom and decided to rebuild their operations.
The website discloses the initial date of infection, MS Office, text and PDF files, the total volume of files exfiltrated from victims, and the IP addresses and machine names of servers. The change in operational tactics took place just days after the Sodinokibi / REvil hackers stated on the Dark Web that they would publish the same. This change in Maze operations came to notice in November, when the group published 700 MB of sensitive data on a data hacking forum after infecting Allied Universal Systems.
Not paying the ransom also means that the company is making its customers' data available for identity theft or more. With sensitive data at stake, organisations can face steep fines and stiff penalties. With stolen data in the public domain, there is no way these companies can defend themselves. The data scenario is getting more complicated by the day. Organisations are left with no choice but to treat a cybersecurity incident as a serious issue. Response, recovery and prevention should be made design elements.
AUTHENTICATED STOLEN DATA ON PUBLIC DOMAIN WOULD BE A GAME CHANGER.