A nasty new hacker tactic announced

The leaders of the ransomware known as Sodinokibi (REvil Ransomware) have announced a nasty new tactic to get their victims to pay up when their files get encrypted.

The hackers are now threatening that they'll begin releasing stolen data to the general public or to competitors unless the ransom is paid.

While hackers have made this threat in the past, this year was the first time in history that anyone has followed through with it. At the end of November of this year, when Allied Universal was successfully attacked, they were given the ultimatum to pay up or see their files released. The company didn't pay, and the hackers promptly released more than 700MB of data on a hacking forum on the Dark Web.

Should ransomware attacks be treated like data breaches?

Given this new reality, it raises some thorny questions. Should IT professionals begin treating ransomware attacks like data breaches? Possibly so, but doing so complicates matters. Right now, ransomware attacks are treated as a purely internal problem. Customers and vendors aren't necessarily contacted and formal disclosures don't have to be made as to the scope and scale of the data impacted.

If hackers start regularly releasing the files they encrypt, it puts a lot of information at risk. Information that includes sensitive data, personal information, salary information, termination letters, details on relationships with third parties, trade secrets, and a host of other sensitive, proprietary data. It is all at risk of public exposure. It will not only increase public concern but could easily lead to lawsuits. That is especially if the company falling victim to a ransomware attack fails to report it as a breach and the data is subsequently leaked.

Our perspective

It's too soon to say whether or not this is or will become the new normal, but before it happens to you, it bears thinking about how your company will handle the issue.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~

 

Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association.