The Ransomware Data Breach Phenomenon

I came across a chilling article recently—an article that announces a new type of attack, the ransomware data breach. 

This piece talks about how cybercriminals have been accessing networks on the sly to determine how ransomware might cripple an organization before enabling the attack.

That’s no surprise. We’ve been writing about The Silent Bad Actor for a while now.

The article also chronicles how companies countered this threat with backups, a best practice we recommend. However, the author then explains how these Silent Bad Actors have figured a way around the protection a backup can provide: 

“Then they realized that encrypting some company’s data wasn’t the worst thing they could do. They could do things that a backup wasn’t going to fix….They realized that by copying the data first, and threatening to release it to the company’s competitors and the public in general, that a tape backup wasn’t going to help the victim. Imagine every email you and your employees have ever written out there on the Internet.” [Emphasis mine]

Later in the article, the author writes, “A good backup will not save you.” 

I’d like to say that this is the only report on the ransomware data breach phenomenon. 

But it’s not. 

Back in December, Krebs on Security wrote about Maze ransomware and how its perpetrators resorted to publishing stolen information online. In the article, Krebs quoted one expert as saying, “Ransomware attacks are now data breaches.”  

Less than two months later, this article hit the internet, reporting how Maze cybercriminals have exposed the data of several legal practices.  

Ars Technica also published a piece on how “[t]he Maze ransomware ring has taken extortion to new heights by publicly posting breached data on the Internet.” 

This ransomware data breach phenomenon is nothing to be trifled with. 

So what should you do? How should you think? 

I’d like to share a few thoughts as you process these incidents. 

1. Defeating the ransomware data breach threat starts with your organizational culture. 

Have you ever considered why we see organization after organization becoming a ransomware victim in the news? 

One reason ransomware is so successful is that most organizations have cultivated a culture where convenience and ease of use are prioritized over keeping an organization’s data, stakeholders, and IT systems secure.

Cybersecurity is not just a technical problem. It’s an organizational culture problem. 

To see what I mean, here’s a quote from the article I cited earlier:  

“But if we look at how ransomware is breaking in, the two common attack vectors are social engineering and phishing. which account for 70% to 90% of all malicious data breaches….No matter what technical controls you put in place, some phishing and social engineering will make it past your defenses and your organization’s employees will be tested to see if they can spot it and respond appropriately. You need good security awareness training to accomplish that.” [Emphasis mine]

Let me put what the author is saying another way: Ransomware gains a foothold through those spam emails your employees receive, but the technological community hasn’t found a solution that prevents these threats 100% of the time—hence the need for cybersecurity training.  

And I’ll go a step further than that quote. 

When it comes to the ransomware data breach phenomenon, your best firewall is actually a well-trained human. 

Defeating the bad guys can’t happen until businesses start placing a priority on cybersecurity within the organizational culture and budget. When that happens, team members take ownership of protecting the IT infrastructure, and cybercrime risk is greatly reduced. 

But organizational culture is a topic in and of itself—and one that deserves our attention very soon.

2. Don’t be simplistic about ransomware data breaches. The bad guys aren’t. 

Ransomware data breaches don’t need to happen. But it’s a mistake to think a one-dimensional approach will address a threat so complicated. 

Consider the amount of ingenuity it takes to clandestinely break into a network and execute a blackmail strategy. 

Do you think installing antivirus on your PCs will protect you from the likes of these cybercriminals? Think again! Because it will not.

Basic approaches underestimate the crooks we’re up against and leave organizations vulnerable to attacks. At Proactive IT, we advocate a multilayered approach to cybersecurity that involves staying on top of best practices, implementing best-in-class cybersecurity technologies, and utilizing an approach that reflects the NIST Cybersecurity Framework. 

3. Know your risk for being a target.  

The ransomware data breach phenomenon affects every organization in Charlotte, in North Carolina, and beyond. However, this news is weightier for some organizations than for others—especially those that carry significant cyber risk. 

Does your organization fit the profile of a potential victim? Here are a few factors I’d like to point out: 

Consider your company’s industry and role. 

Are you an attorney serving high-profile clients?

A CPA preparing tax returns?

A manufacturer holding coveted trade secrets? 

A leader in the financial sector with access to client Social Security numbers?  

Your company’s industry and role can effectively place a bull’s-eye on your organization. The more confidential your role, the more prestigious your industry, the more sensitive your data…the more likely your organization will look like a target to the bad guys. 

They know which businesses have more to lose in an attack.

Consider your profitability. 

If you were a cybercriminal, think about which company you’d rather target: a cash-strapped startup or a revenue-rich and established organization. 

The more profitable your business, the more likely you’ll have the cash to pay the bribe that the ransomware data breach demands.  

Consider your public visibility. 

Another factor is how easy it is for a cybercriminal to learn about your organization. If you have a public website, an active presence on social media, or another form of visibility, the bad guys have the ability to analyze your company for the phishing and social engineering attacks mentioned above. 

What is Proactive IT doing about this? 

Well, for one, we’re staying alert. We keep an eye on the news and what’s happening in the world of cybercrime. 

But we’re also staying up-to-date.

Even though this ransomware undermines the effectiveness of backups, that hasn’t knocked us out of the game. We’ve never taken a one-solution-solves-everything approach to cybersecurity anyway. 

Advanced endpoint security, SIEM, employee training and testing—we have a lot of tools in our arsenal and a process-driven culture to make sure our execution is consistent with industry best practices.

And that’s the beauty of taking a multilayered approach to cybersecurity that pays attention to the details. Even if the bad guys undermine one buttress, that doesn’t mean they can seize the castle.  

As always, we encourage our readers to reach out to the Proactive IT team. If you need to get in touch, our phone number is 704-464-3075, and our email is info@weareproactive.com.