Tuesday, March 10, 2020

Treat Ransomware As Data Breaches And Report It Right Away


It’s only been a few months into the year but there’s already been a significant increase in the use of ransomware that steals data. It is a type of ransomware that encrypts the data of the victim and extracts it to the server of the attacker.
The data that’s been stolen will then be used to force the victim into paying their specified ransom. But, evidence shows that cybercriminals also utilize the data to execute phishing attacks on customers and business partners of the victim firm.
IT experts suggest that businesses disclose these ransomware incidents as soon as possible. Reporting incidents, especially the ones that involve ransomware that’s can exfiltrate data is important to prevent other companies from falling victims to a similar attack.

Lack of Disclosure

As of the moment, companies are not legally required to report ransomware incidents. Organizations that have fallen victim to ransomware could fix the problem, by paying or not paying the cybercriminals and resume regular business operations, without telling their partners, customers, or the public about the cyberattack.
This is a common response with traditional ransomware. The data of the company was encrypted but it was not read, altered, or extracted. In theory, PII or personally identifiable information was exposed so the company doesn’t have to deal with business interruption and reputational loss that come after they report the incident.
This kind of reasoning won’t hold up when it involves data-stealing ransomware. Nemty, DoppelPaymer Sodinokibi, Maze, and other ransomware groups have started using methods that allow them to extract the data of their victim to a remote server where they could read, manipulate, and use the data however they like. The data that was stolen will be used to force their victims to pay the ransom. But it can also be used for spearfishing attacks.

Data Theft and Spear Phishing

Spear phishing refers to a cyber attack that targets certain people in a company to access crucial data like staff credentials, financial data, in this situation, deliver ransomware through suspicious email attachments.
Given that actors have access to the data of the company, and in some cases, emails – lets them make very convincing email messages. In certain instances, those emails might even look like a reply to a message, which makes it look like it is a legitimate email to the victim.

Companies Stand Silent When It Comes To Cybersecurity

When a business face a ransomware attack, its business partners, suppliers, and customers will be on the lookout for targeted attacks. But, this is not the case. Because organizations are not required to report ransomware incidents, there is some motivation for businesses to come forward and admit that their company was hit by ransomware.
What Should Businesses Do?
Data stealing ransomware are becoming increasingly rampant. Now is the time to start referring to ransomware incidents like data breaches.
All ransomware incidents must be thought of as data breaches until they are proven otherwise. Governments create a legislation wherein ransomware attacks to be considered as data breaches and ask the affected business to immediately issue notifications.

Call SpartanTec, Inc. now and let our team set up the most effective cybersecurity measures to protect your business against today’s most common online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/