Press "Enter" to skip to content

Ransomware operators shift to stealing data, increasing risk for business

Ransomware operators are streamlining their businesses.     Some are no longer locking up the target’s systems via encryption and instead steal the data before locking the organization out and then demanding a second payment to stop it from leaking online.

LockBit, for example, is urging members to stop using encryption in attacks on critical infrastructure – and have a rule to ban the tactic.     The operators have learned they can get paid the same amount for half the work.  

Here’s the latest landscape data from the 2022 Thales Cloud Security Study:  Organizations run an average of six different tools or features to secure their public cloud environments, and 96% of decision-makers still report that their organizations faced security incidents in the last 12 months.   , 45% of businesses have experienced a cloud-based data breach or failed audit over the past year. Between 2020 and 2021, ransomware-related data leaks and interactive intrusion campaigns increased by 45%.

Also happening last week: a series of meetings at the UN, which is working on a new international cybercrime treaty.   The goal is a treaty designed to frame new laws around the world.  

Why do we care?

The change in tactics by ransomware operators feels prescient.    While I don’t believe it changes defenders’ tactics, it changes the risk calculus business owners apply.  We’re not defending against downtime and instead protecting against data exposure.      The new strategy to consider is having less data online.     You can’t be extorted for data you didn’t collect.  

Hoovering up everything you can is far riskier now than ever, and there’s high value in helping customers ensure they are only keeping what they need to, which minimizes risk.  

Be First to Comment

Leave a Reply