Aabyss Blog Heading Background

    News & Opinion

    Gain the edge on the world of business technology and cyber security

    Hackers strike again with a new Ransomware plot.

    Posted by Andrew Allen | 30-Dec-2019 10:06:28
    nikita-kachanovsky-OVbeSXRk_9E-unsplash
    • Ransomware gangs have signalled to publish the data stolen from victims who refuse to pay the ransom.
    • Cybercriminals behind the Maze ransomware have erected a website on the public internet that identifies recent victim companies that opted not to pay a ransom.

    Ransomware gangs have now upped the ante of their attacks to cause massive losses for victim organisations. They have signalled to publish the data stolen from victims who refuse to pay the ransom.

    Making the matter worse

    While the destruction is slowly in progress, cybercriminals behind the Maze ransomware have erected a website on the public internet that identifies recent victim companies that opted not to pay a ransom and chose to rebuild their operations.

    The website which was created in less than 48 hours, currently includes the eight affected companies and their corresponding websites. All these victim companies had declined to pay a ransom demand, thus making their customers’ data viable to identity theft and more.

    This new change in the tactic of Maze ransomware operators came to notice only in November when it infected Allied Universal systems and later released 700MB worth of sensitive data on a hacking forum after the firm refused to pay the ransom demand.

    More insight into the stolen data

    To make it worse, the site has also exposed several volumes of files and documents belonging to each victim companies.

    The information disclosed for each Maze victim includes the initial date of infection, several stolen Microsoft Office, text and PDF files, the total volume of files allegedly ex-filtrated from victims as well as the IP addresses and machine names of the servers infected by Maze.

    Other cybercriminals are also in a row

    This change in the operation of Maze ransomware operators comes just days after the cybercriminals responsible for managing the Sodinokibi/REvil ransomware posted on a popular dark web forum that they also plan to publicly publish the stolen data of victims who fail to pay ransoms.

    As part of the operation, UNKN, the public-facing representative of REvil ransomware, claimed to have stolen files from the CyrusOne data centre before encrypting their network.

    The bigger picture of data loss

    With sensitive data at stake during ransomware attacks, organisations can face steep fines and other penalties for failing to safeguard their customers’ data. However, these victims may be able to avoid the penalty if they can show forensic evidence demonstrating that customers’ data was never accessed but with the sites like the one that Maze ransomware has now erected, situations can turn more complicate.

    To pay or not to pay is the question

    The key aspect is that organisations should treat a cybersecurity incident as a serious issue. For this, they should be well-planned and prepared. The security personnel and employees should quickly and effectively know how to respond and recover when faced with a ransomware attack. It is always better to be prevent incidents than to later be looking for a solution.

    Microsoft suggests that there is no guarantee that encrypted data will be restored even after the victim pays the ransom.

    “We never encourage a ransomware victim to pay any form of ransom demand. Paying a ransom is often expensive, dangerous, and only refuels the attackers’ capacity to continue their operations; bottom line, this equates to a proverbial pat on the back for the attackers. The most important thing to note is that paying cybercriminals to get a ransomware decryption key provides no guarantee that your encrypted data will be restored. The most important thing to note is that paying cybercriminals to get a ransomware decryption key provides no guarantee that your encrypted data will be restored,” Microsoft explains in its blog post.

    We're Aabyss and we can better secure your all-important data

    If you’re concerned about your cyber security and protecting your private data, we can help.

    We’re Aabyss and we have years of experience in supporting small-medium businesses with cyber security challenges. We’ll get to know your business and create the most appropriate solution to meet your technical requirements.

    If you have any concerns, please contact the team today.

    Source: https://cyware.com/news/to-pay-or-not-to-pay-organizations-are-in-a-bind-as-ransomware-gangs-adopt-a-new-tactic-104879af

     

    CTA-Banner-Aabyss-3

     

    Topics: Cybersecurity, Technology

    Written by Andrew Allen

    My personal and business life. I am lucky to have supportive friends and family, and although I am competitive, I try to put others first. I am an active Rotarian, helping support local and international charities. As a former member of Mountain Rescue, I enjoy spending time with my family in the mountains. We regularly travel to experience new cultures and cuisine; I’m a bit of a foodie! In my day job as Chief Executive, I am responsible for ensuring we stay true to our purpose and values. In a strategic capacity, I am also responsible for developing relationships with key partners and major accounts. I love working with ambitious, growing companies who want to challenge themselves and the status quo. Technology, when properly leveraged, can help an organisation differentiate and beat their competition. It's a real joy to make a difference.

    LinkedIn

    Leave a Comment

    Recent Posts

    Topics

    see all