BACKGROUND:
In less time than it takes to get a stuffed crust pizza delivered, a new group called SnapMC can breach an organization’s systems, steal its sensitive data, and demand payment to keep it from being published, according to a new report from NCC Group’s threat intelligence team — no ransomware required. Rather than disrupting business operations by locking down a target’s data and systems, SnapMC focuses on straight-up extortion. However, this low-tech, ransomware-free approach to extortion on a compressed timeline relies on known vulnerabilities for which patches are readily available.
<p>Data exfiltration as part of an intrusion is a double-edged sword for malicious actors. The motivation in paying the ransom, in most cases, is to restore services rather than to recover lost data. How naive do you have to be to think that if a ransom is paid, that data will be perfectly safe in the hands of a criminal? Regardless of whether an organisation pays the ransom or not, they will still have to notify regulatory bodies within 72 hours if they are bound to GDPR or NIS regulations. They will still have to take the same recovery and response measures whether they pay or not. In fact, the only thing that would tarnish their reputation more would be to pay the ransom in the hopes they can cover up a breach.</p>
<p>Snap, they made headlines. Crackle, no one’s going to pay. Pop, they’ll move on.</p>