Recently, ransomware operators have adapted their tactics. Why? Organizations are learning and changing their practices: they are now better prepared to face and handle a ransomware attack internally (manual restoration, backups, etc.), and less prone to pay the ransom.
To force their victims to pay nevertheless, more and more ransomware operators have changed their modus operandi and taken a more aggressive approach: if the ransom is not paid, they leak online the sensitive data they accessed and stole during the attack.
What does this mean for organizations? Ransomware no longer implies only a loss of data when the organization lacks the procedures and tools to restore it without paying the ransom. Even organizations that have them run the risk of seeing their sensitive data (from personal data to confidential business data, trade secrets, etc.) disclosed, putting them, their employees, customers and partners at serious risk.
Organizations therefore need to adapt their practices again. Cyber security experts suggest a thorough, proactive, multi-layered approach to securing your organization against ransomware attacks which, to be effective, should include:
encryption of your data (which then cannot be read, protecting you against a threat of disclosure);
associated with backups, disaster recovery planning and efficient ransomware protection. On that last point, several features in addition to standard file screening and fail-safe backups may strengthen your protection, for example honeypot files (fake files that appear to contain sensitive data and are meant to 'lure' the ransomware, coupled with an automated lockdown when ransomware encryption of such honeypot files is detected).
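The honeypot-file mechanism described above, sketched as an added example (not code from the original post or from any product it refers to): decoy files are planted with a recorded hash, and a polling pass flags any decoy that disappears or is rewritten, using byte entropy to tell encryption from an ordinary edit. The file names, the 7.0 bits-per-byte threshold and the `lockdown` hook are assumptions made for this illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data sits close to 8.0, text well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant_decoys(directory: Path, names) -> dict:
    """Write decoy files (constructed content) and return {path: sha256}."""
    body = ("name,iban,balance\n" + "decoy row,XX00,0\n" * 200).encode()
    baseline = {}
    for name in names:
        (directory / name).write_bytes(body)
        baseline[directory / name] = hashlib.sha256(body).hexdigest()
    return baseline

def check_decoys(baseline: dict, entropy_threshold: float = 7.0) -> list:
    """Return (path, reason) for each decoy that was removed or rewritten."""
    alerts = []
    for path, digest in baseline.items():
        if not path.exists():
            alerts.append((path, "missing"))  # deleted, or renamed with a new extension
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            high = shannon_entropy(data) >= entropy_threshold
            alerts.append((path, "encrypted" if high else "modified"))
    return alerts

def monitor_once(baseline: dict, lockdown) -> bool:
    """One polling pass; hands the alerts to the lockdown hook if any fired."""
    alerts = check_decoys(baseline)
    if alerts:
        lockdown(alerts)
    return bool(alerts)

if __name__ == "__main__":
    root = Path(tempfile.mkdtemp())
    baseline = plant_decoys(root, ["payroll_2024.csv", "passwords.csv"])
    # Simulated encryption pass: random bytes stand in for ciphertext.
    (root / "payroll_2024.csv").write_bytes(os.urandom(4096))
    # Hypothetical hook: a real one would cut share access or isolate the host.
    monitor_once(baseline, lambda a: print("LOCKDOWN:", [(p.name, r) for p, r in a]))
```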
Original post: RANSOMWARE: an escalating threat