
The Double-Whammy Threat Of Ransomware: Not Always About The Money

Accenture recently filed documents showing that a ransomware attack it suffered months ago led to a data breach. The organization had initially claimed that the ransomware attack had "no impact" on its business.

Accenture stated in its fourth quarter and full fiscal year financial report that the ransomware group responsible for the attack stole company data. The organization experienced "data security incidents resulting from unauthorized access to our and our service providers' systems and unauthorized acquisition of our data and our clients' data including: inadvertent disclosure, misconfiguration of systems, phishing ransomware or malware attacks."

According to the report, Accenture first detected "irregular activity," including "extraction of proprietary information by a third party," in its systems during the fourth quarter of FY 2021. The third party allegedly made some of the data it stole available to the public.

Accenture admitted that some of its customers' sensitive information was compromised. The report stated that clients had experienced "breaches of systems and cloud-based services enabled by or provided by us."

It is believed that the LockBit group carried out the ransomware attack. In August 2021, the ransomware group threatened on its website to leak data stolen from Accenture. LockBit demanded a $50 million ransom in exchange for six terabytes of stolen data.

When it first shared news of the ransomware attack, Accenture maintained that LockBit's claims were false. According to BleepingComputer, Accenture has not yet publicly acknowledged the data breach outside of SEC filings and data breach notification letters filed with the authorities. Lyle Adriano, "Accenture confirms ransomware incident also involved data breach," www.insurancebusinessmag.com (Oct. 19, 2021).

Commentary

There is no guarantee that cybercriminals will unlock your organization’s system and remove all malware if a ransom is paid. Some argue paying ransoms only encourages cybercriminals to attack the organization again.

But, beyond that, ransomware attacks now often involve a data breach in which cybercriminals steal valuable sensitive data. In the past, ransomware victims could at least feel like their data was safe from being leaked, but that is no longer the case.

According to The Coveware Quarterly Ransomware Report, in the third quarter of 2020, nearly half of ransomware attacks included “the threat to release exfiltrated data along with encrypted data.” The report states that cybercriminals use the threat of releasing stolen data “as a monetization conversion kicker.”

In this way, threat actors can force organizations that back up their data—organizations that in the past would have restored their backups and ignored ransom demands—to engage with them to determine what data was stolen.

Coveware notes that several organizations have paid ransoms to keep stolen data from being shared, only to have their data leaked anyway. For example, the ransomware group Sodinokibi re-extorted victims over the same data set weeks after they had paid a ransom, and the threat actors Netwalker and Mespinoza each posted data stolen from companies that had paid for it to be kept private.

According to Coveware, victims of data exfiltration extortion that do pay cannot be sure that the data will be credibly deleted. They should expect that the data is held by multiple parties without being secured and could be posted, by mistake or on purpose, even after a ransom is paid. Plus, unlike negotiating for a decryption key, negotiations to keep data secure could continue indefinitely. "Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues," www.coveware.com (Nov. 04, 2020).

The best protections against both traditional ransomware attacks and those that include data exfiltration extortion are frequent employee training, which should cover the importance of not clicking on unknown links and attachments, and strong cybersecurity practices, such as keeping all software updated and employing anti-virus software.
