Paying a ransom to prevent leaking of stolen data is a risky gamble

2020-11-05 13:15

They also warned that cases where the attackers exfiltrated data and asked for an additional ransom to delete it have doubled in the same period, but that paying up is a definite gamble.

Various ransomware groups have posted the stolen data online despite having been paid to not release it or have demanded another payment at a later date.

"Unlike negotiating for a decryption key, negotiating for the suppression of stolen data has no finite end. Once a victim receives a decryption key, it can't be taken away and does not degrade with time. With stolen data, a threat actor can return for a second payment at any point in the future," the company said.

"The track records are too short and evidence that defaults are selectively occurring is already collecting. Accordingly, we strongly advise all victims of data exfiltration to take the hard, but responsible steps. Those include getting the advice of competent privacy attorneys, performing an investigation into what data was taken, and performing the necessary notifications that result from that investigation and counsel."

"The foothold created by the phishing email or CVE exploit is used to escalate privileges until the attacker can command a domain controller with senior administrative privileges. Once that occurs, the company is fully compromised and data exfiltration + ransomware are likely to transpire within hours or days," they explained.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/yW5BjJjYtHc/

#ransom