The data theft and name-and-shame tactics initiated by Maze in November 2019 and subsequently adopted by multiple other groups have blurred the line between ransomware attack and data breach.
The most attractive targets for this type of attack are the organizations that would suffer the most harm from their data being exposed as they are perceived to be the most likely to pay to prevent exposure. Consequently, organizations in the legal, healthcare and financial sectors have been frequently targeted.
But just how common are encryption+exfiltration attacks, and what is the probability that an organization which has had its data encrypted will also have had it stolen?
The numbers
Between January 1st and June 30th, 2020,
ID Ransomware received 100,001 submissions relating to attacks by the ransomware groups that target companies and public sector organizations.
Of those submissions, 11,642, just over eleven percent, related to attacks by the groups that overtly steal data.
Why this matters
Exfiltration+encryption attacks combine the disruption of a ransomware incident with the long term impact of a data breach.
In addition to the costs associated with business interruption and recovery, organizations may also face regulatory penalties, reputational harm, legal actions, see their share price affected and experience a myriad of other significant impacts such as the loss of intellectual property or the disclosure of competitive information.
Further, exfiltration+encryption incidents create a path for future attacks and other criminal activity. The stolen information can be used to spear phish victim organizations’ clients and business partners or be used to commit other forms of fraud, such as business email compromise (BEC). In other words, one crime can lead to many.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}