A scary new ransomware tactic: insiders

Research from Proofpoint and the Ponemon Institute found that ransom payments typically account for less than 20% of the total cost of a ransomware attack.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes.

CISA’s fact sheet includes best practices for preventing ransomware attacks and protecting sensitive information from exfiltration attempts. Quick summary – nothing controversial.

And here’s a new ransomware tactic. Abnormal Security reported this week on a ransomware operator asking a victim company’s staff to deploy ransomware… and then take a cut of the proceeds. It's social engineering within the organization to get an insider deployment.

Why do we care?

New insider threat – employees paid off to deploy ransomware. So much for the perimeter trust model… and even trusting your own staff. If you’re not already seeing the case for Zero Trust architectures, here’s the final reasoning.

The payment data from Ponemon interestingly highlights how the damage of an attack is not just the payment. The ability to absorb an attack is measured in how large a check a business can write when it happens. That appears to really be the metric. Big companies can write big ones, and it’s a smaller relative cost. Small companies cannot – and conditions on the ground continue to worsen.