Leakware is The New Ransomware

You’ve heard the horror stories of ransomware. Cybercriminals access and encrypt your business data. You have to pay a “ransom” for the key to unlock it or, assuming you have them, restore from backups. Leakware is similar, but now the bad actors are threatening to post your confidential business information online if you don’t pay up. Simply restoring from backups isn’t enough as they will post the information online if the “ransom” isn’t paid.

There are probably many things your business wouldn’t want shared publicly. This could be your IP, your secret sauce recipe, your customer database with all the details, or financial data: the works. Your clients also wouldn’t want to see their shared information disclosed to the public or highest bidder.

The public sector is particularly at risk for leakware, also known as extortionware. Attackers threaten to publish personal information online. Healthcare organizations are top targets, as attackers know they face strict compliance regulations that require them to protect medical records and other PII.

Leakware doesn’t just affect you and your business. It can hurt every party whose data is leaked. Those disclosures can make citizens or customers more likely to become victims of fraud or identity theft through scams, credit accounts opened in their name, and more.

Leakware is costly. Beyond the ransom being paid, there are associated collateral damage costs such as:

  • downtime
  • lost sales opportunities
  • loss of reputation with customers
  • attack mitigation and recovery efforts
  • damage to company brand reputation
  • penalties for unmet contractual obligations
  • non-compliance penalties
  • fees for fraud protection services to affected individuals

“Nearly 3 out of 4 companies infected with ransomware suffer two days or more without file access.” – Acronis

Leakware – Planning and Prevention

Leakware is the latest evolution of ransomware. In Johannesburg, hackers compromised databases and files containing passwords and financial and personal population data. They demanded payment in bitcoin, or else they would reveal the stolen information along with the methods and security vulnerabilities they used to breach the city systems.

The City of Johannesburg chose not to pay, and the data is likely being sold off on the black market.

Preventing a leakware attack requires precautions similar to those for ransomware. The stakes are simply higher. At 101 Digital we deploy a layered, onion-style approach to security for our clients. Using just antivirus isn’t enough to protect against elaborate social engineering. Attackers know that their methods must evolve and that attacks have to be delivered through many channels.

101 Digital deploys advanced email filtering, endpoint protection, EDR, network IDS and firewalls, encrypted offsite backups, as well as SOC and SIEM solutions with user training and phish testing for our Managed Security Services clients. Even that is just a small snapshot of what we’re monitoring and doing behind the scenes to protect our customers.

It’s also recommended to limit access based on the principle of least privilege. Users should have access only to the data, software, or systems that they need for their role within the organization. If those responsibilities change, make sure their rights and access change as well. An attacker who obtains one employee’s password shouldn’t gain access to all of your data.
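The access review described above, as an added example (not 101 Digital's tooling): it compares each user's actual grants with what their current role needs and reports how much data a single stolen password would expose. All role, user and resource names and the 50% exposure limit are constructed assumptions.

```python
"""Added example: least-privilege access review over constructed sample data."""

# Constructed sample data (hypothetical role, user and resource names).
ROLE_BASELINE = {
    "accounting": {"finance_share", "payroll_db"},
    "sales": {"crm", "price_list"},
    "helpdesk": {"ticketing"},
}
ALL_RESOURCES = set().union(*ROLE_BASELINE.values()) | {"customer_db", "hr_records"}

# Current role and actual grants per user. "dana" moved from accounting to
# sales and kept the old rights; "lee" was granted everything for convenience.
USERS = {
    "alex": {"role": "helpdesk", "grants": {"ticketing"}},
    "dana": {"role": "sales",
             "grants": {"crm", "price_list", "finance_share", "payroll_db"}},
    "lee": {"role": "sales", "grants": set(ALL_RESOURCES)},
}


def review_access(users, baseline, all_resources, exposure_limit=0.5):
    """Return one finding per user whose access exceeds the role baseline.

    revoke   : resources granted but not needed by the current role
    exposure : share of all resources reachable with that one account's password
    """
    findings = []
    for name, info in sorted(users.items()):
        allowed = baseline.get(info["role"], set())  # unknown role: nothing allowed
        excess = info["grants"] - allowed
        exposure = len(info["grants"] & all_resources) / len(all_resources)
        if excess or exposure > exposure_limit:
            findings.append({
                "user": name,
                "role": info["role"],
                "revoke": sorted(excess),
                "exposure": round(exposure, 2),
                "over_limit": exposure > exposure_limit,
            })
    return findings


if __name__ == "__main__":
    for finding in review_access(USERS, ROLE_BASELINE, ALL_RESOURCES):
        print(finding)
```

In practice the grants would come from an export of directory group memberships or file-share permissions rather than an inline dictionary.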

Educate staff about the risks of social engineering and of using public wireless internet. Make sure your team uses a trustworthy Virtual Private Network (VPN) when using public WiFi or connections at other offices. Furthermore, turn on two-factor authentication for all email accounts and for every other account that supports it.

Leakware and ransomware are going strong in 2020. If you need help with your protection efforts or want to discuss what’s currently in place, give us a call at 630-563-0151.