Security News > 2023 > August > S3 Ep146: Tell us about that breach! (If you want to.)

The root of the problem is that shared CPU components, like the internal memory system, combine attacker data and data from any other application, resulting in a combined leakage signal in the power consumption.

Whether just suffering a ransomware attack is inevitably enough to be a material data breach.

Type A is where the crooks don't steal your data, they just get to scramble your data in situ.

Then there's a Type B ransomware attack, where the crooks go, "You know what, we're not going to risk writing to all the files, getting caught doing that. We're just going to steal all the data, and instead of paying the money to get your data back, you're paying for our silence."

If a company is hit by ransomware, found no evidence of data exfiltration after a thorough investigation, and recovered their data without paying the ransom, then I would be inclined to say, "No.".

The irony is, Doug, if you had done that as a company, you might want to tell your investors, "Hey, guess what? We had a ransomware attack like everyone else, but we got out of it without paying the money, without engaging with the crooks and without losing any data. So even though we weren't perfect, we were the next best thing."

News URL

https://nakedsecurity.sophos.com/2023/08/03/s3-ep146-tell-us-about-that-breach-if-you-want-to/