One in seven ransomware extortion data leaks are revealing technology data critical to business operation, researchers say.
In recent years, ransomware has escalated in severity from its early days of bare-bones encryption and a basic demand for payment.
Historically, ransomware was used to infect systems and extort payments from the general public, typically in cryptocurrency such as Bitcoin (BTC). In recent years, however, operators have taken to “big game hunting”, targeting large organisations for a hefty payoff.
“Big game” targets include but are not limited to large enterprise firms, utilities, hospitals, and key supply chain players.
Colonial Pipeline fuel suppliers fell prey to a ransomware attack in 2021. Their systems were hijacked by DarkSide and their data held for ransom to the tune of $4.4 million. Despite paying up, the damage was done, and the United States was hit with panic buying and fuel shortages.
This has been taken a step further, with Cisco Secure coining the term “one-two-punch” extortion. This is when ransomware operators steal confidential data before encryption begins and threaten to leak the information if a victim will not pay.
Ransomware operators often manage leak sites that publish stolen data. According to Mandiant Threat Intelligence, 2021 saw thousands of victims subjected to these extortion tactics.