Security News > 2021 > October > 30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware

In less time than it takes to get a stuffed crust pizza delivered, a new group called SnapMC can breach an organization's systems, steal their sensitive data, and demand payment to keep it from being published, according to a new report from NCC Group's threat intelligence team - no ransomware required.

Last July SonicWall issued a patch for a bug in its old VPN models no longer supported by the company after attacks came to light - which were part of an ongoing wider campaign to exploit.

Oliver Tavakoli, CTO with Vectra, said that getting rid of the encryption piece of the attack altogether is a "Natural evolution" of the ransomware business model.

The NCC team likewise predicts the trend toward simple attacks on shorter timelines is likely to continue.

"NCC Group's Threat Intelligence team predicts that data-breach extortion attacks will increase over time, as it takes less time, and even less technical in-depth knowledge or skill in comparison to a full-blown ransomware attack," the team said.

"Therefore, making sure you are able to detect such attacks in combination with having an incident response plan ready to execute at short notice, is vital to efficiently and effectively mitigate the threat SnapMC poses to your organization."

News URL

https://threatpost.com/rapid-attacks-extort-ransomware/175445/