As if dealing with COVID-19 were not enough, 2020 turned out to be a banner year for another troublesome strain of virus— ransomware. Malicious actors grew more sophisticated, daring and brutal. They also hit a number of high-profile targets.
For those of you who didn’t keep up with all of the developments in the ransomware space, we’ve broken down some of the most important events and trends of the year here.
Growing in Scale and Scope, More Leakware
Unfortunately, ransomware has proven to be a very effective way for criminals to make money, so it’s not surprising that it’s gaining popularity. For example, the United States saw a 139% year-over-year jump in ransomware attacks by the end of Q3.
Leakware in particular is growing especially quickly. Unlike traditional ransomware, which only encrypts data, “leakware” also steals sensitive data in plaintext before it encrypts it. The ransomware actors then threaten to release the sensitive data to the public if the victims don’t pay up.
Some of the big names who fell victim to extortion this year include a New York law firm that represents celebrities like Lady Gaga, Madonna, and Elton John. After the firm refused to pay up, the attackers auctioned off sensitive data belonging to Madonna for $1 million USD.
Auctions are just one example of how ransomware gangs deployed new methods for blackmailing their victims. There was also increasing use of social media, blogs and the dark web to spread sensitive data. One gang even published Facebook ads advertising a leak to try to intimidate a victim into giving in to their demands.
Additionally, there’s a security dimension to the rising tide of data leaks. Defense contractor Westech International’s systems were compromised this year. This is alarming news since they produce intercontinental ballistic missiles designed for delivering nuclear (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/review-of-ransomware/