Ransomware could be getting even nastier: a security firm is warning over a new trend among some ransomware attackers to not just encrypt data, but steal some of it and use it as leverage to ensure a target pays up.
In several recent cases it has been reported that the ransomware gang have not just encrypted data but also threatened to leak the data, too. Emsisoft says these attacks elevate the ransomware threat “to crisis level” and called on government organizations to immediately improve their security.
“If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked,” the cybersecurity company said.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
Emsisof said by its calculations that in 2019 across the US, ransomware attacks impacted at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion. The impacted organizations included 103 federal, state and municipal governments and agencies, 759 healthcare providers and 86 universities, colleges and school districts.
It said that the impact of ransomware included emergency patients being redirected to other hospitals, medical records made inaccessible and, in some cases, permanently lost, and emergency dispatch centres being forced to rely on printed maps and paper logs to keep track of emergency responders in the field.
Company spokesperson Brett Callow told ZDNet: “In the past, the worst-case scenario for governments was data loss. Now, the worst case is data, including the publics’ [personal information], being stolen, made public and/or sold to other criminal groups. And that’s a very real possibility, especially given governments’ obvious susceptibility to ransomware attacks. This development has changed the risk landscape.”
These recent attacks aren’t the first time a ransomware group has used the threat of leaking stolen data. In October, a group called Shadow Kill Hackers held the City of Johannesburg in South Africa’s IT systems to ransom and threatened to publish its stolen data on the internet unless four bitcoins were paid.
The tactic could be becoming more widely adopted in response to more US cities committing not to pay ransoms, despite city services being crippled by the attacks. The US Conference of Mayors in July adopted a resolution not to pay any more ransom demands to hackers.
SEE: Cybersecurity: This password-stealing hacking campaign is targeting governments around the world
Whether the threat of data loss, plus the public exposure of company secrets, really constitutes a crisis is open to debate. But the combination of ransomware and threatening to leak stolen data offers a twist on the age-old cybercrime business of stealing data and selling to whoever pays the most, according to Mikko Hypponen, chief researcher at security firm at F-Secure.
“Stealing data and selling it to the highest bidder has always been good business for criminals,” Hypponen told ZDNet. “Now they’ve realised that often the highest bidder is the owner of the data themselves.”