In the last two years particularly, double extortion attacks, in which ransomware groups demand payment to decrypt a victim’s data and then demand more money to delete the exfiltrated data rather than dump it on the internet, have grown increasingly common. Indeed, fully half of the ransomware incidents Sophos responded to in 2021 included data exfiltration, according to research the security vendor published last week.
Lately though, it appears, the money threat actors are making from the second half of a double extortion attack is so good that they’re skipping past the first half. “They don’t even bother with the encryption,” says Candid Wuest, vice president of cyber protection research at Acronis, citing the Lapsus$ hacker group in particular. “They just steal the data.”
And guess how some of them are doing it. “We’ve seen some [incidents] where the attackers used backup to exfiltrate data,” Wuest says. “They basically just create a new backup job to the cloud.”
That’s a classic case of what security researchers call “living off the land” techniques, Wuest notes. “The attackers are using everything that you have already installed against you.”