New Ransomware Encrypting and Extracting Data

Hackers are always one step ahead and this time it’s affecting cyber insurance rates. There’s a new twist to ransomware that shakes things up once again. Hackers used to only encrypt data-now they are extracting it too.

Cyber insurance used to cover the cost and fees of recovering the data from a breach or attack. There was the cost of notifications, credit monitoring, legal fees, standing up a call center to provide information to customers and even the PR costs associated with a data breach. There was a formula for dealing with a ransomware attack, things like digital forensics, equipment replacement, offsite disaster recovery operations and even the cost of downtime was figured in to the coverage provided by  cyber insurance policies.

But now, the newest threats expose businesses to both areas in a single event and not many organizations have the coverage to handle both.

According to Knowbe4, the Maze variant of ransomware really put the data exfiltration piece on the map, but other strains are following suit, including revisions to the big players, such as REvil and Ryuk. Recently, Ryuk has been found to employ a tool to exfiltrate some pretty specific data, including keywords that related to government and military operations.

On top of that, the attackers are now going after the customers of the organizations hit by the ransomware as shown in the attack against a plastic surgery clinic in Florida (a previous topic I covered).

So what does this all boil down to? Businesses need a layered approach–not only good backup and business continuity, but employee awareness training and a comprehensive cyber-insurance policy.

If you need assistance with cybersecurity services contact DarkHound at [email protected].

Image Source: https://www.pexels.com/photo/person-pointing-numeric-print-1342460/