Ransomware operators are becoming more strategically advanced in their cyber threat designs. Victims now have to worry about threats beyond malware and ransomware — they need additional cybersecurity measures in place to protect themselves from more sophisticated, published attacks. Take a look at some of the emerging cyber threats that your organization should watch out for.
Double Extortion Ransomware Attacks
In a double extortion attack, cybercriminals do two things to get companies to pay their ransom. They first encrypt the data, then threaten to leak it publicly unless the organization coughs up a ransom. This means that their victims not only have to pay for a decryption key for their data, but also have to fork out more money to prevent the criminals from selling or leaking it.
For example, ransomware operator Maze recently started the trend of publishing stolen data after their victim refused to meet their ransom demands. After illegally accessing manufacturing company Southwire’s network, they encrypted the files and demanded a ransom of 850 bitcoins, which was valued at the time at approximately $6 million. After Southwire did not pay the ransom, Maze published a section of the stolen data.
When the stolen data contains protected information, this cyber threat can be financially damaging for victimized companies. Public release of this information increases the possibility that the victimized company could be investigated. Some data breach investigations even yield additional non-compliance fines. This is because the stolen data may include information protected under HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), or PCI DSS (Payment Card Industry Data Security Standard).
Hard To Detect Fileless Malware
You may have heard that cybercriminals can set up file-based malware by installing malicious files on your computer. However, have you considered that they can also set up a memory-based attack? Fileless malware works this way: it operates from memory rather than from files installed on the computer, which makes it challenging to identify. Without sufficient endpoint security in place, it can gain access to your system and hide undetected.
Ransomware Operators Auctioning Victim Data
In 2020, ransomware operator Sodinokibi was the first to use a new auctioning tactic aimed at persuading data breach victims to pay a ransom. When victims refused to pay ransom demands, the cybercriminals made the confidential data available for auction to the highest bidder.
Increased Nation-State Cyberattacks
Cyberattacks launched by nation-states are becoming more proficient and aggressive. Recently, news outlets have categorized attacks on companies like SolarWinds and Microsoft Exchange as nation-state activity. This can be a particular challenge for companies with remote workers. Organizations with this type of staff need to have modern cybersecurity protocols in place that protect them from this type of attack.
Ransomware Attacks Expanding Industry Targets
Regardless of your industry type, you can be subject to ransomware attacks. Ransomware operators are diversifying their target victims to include a wider range of industries. For example, in March 2021, beermaker Molson Coors fell victim to a ransomware cyberattack following a system outage that stemmed from a cybersecurity issue.