The operators of the Maze ransomware have published today tens of GB of internal data from the networks of enterprise business giants LG and Xerox following two failed extortion attempts. The hackers leaked 50.2 GB they claim to have stolen from LG’s internal network, and 25.8 GB of Xerox data. Both of today’s leaks have been teased since late June when the operators of the Maze ransomware created entries for each of the two companies on their “leak portal.” The Maze gang is primarily known for its eponymous ransomware string and usually operates by breaching corporate networks, stealing sensitive files first, encrypting data second, and demanding a ransom to decrypt files.
Full story here: https://www.zdnet.com/
The success or failure of a traditional ransomware scheme relies on the assumption that the value of the data being held ransom is greater than the ransom demand itself.
However, organizations always had the option to implement their incident response plan to recover their data from backups or rebuild from scratch, especially if the ransom demand is exorbitant or if paying a ransom is unpalatable.
Historically, there haven’t been any ramifications beyond an organization’s own time and resources. With the onset of ransomware extortion, that option has completely gone away.
Organizations are often forced to pay the ransom in the hope that their data won\\\’t get released to the public or sold to other adversaries. Unfortunately, paying a ransom does not guarantee that the adversaries won’t leak the data anyway, nor does it ensure that an organization will be able to recover encrypted files.
This is not a surprising finding by any means. Most people are just not aware of the many security measures they take for granted working in an office environment. The best thing a business of any size can do right now is immediately take the time to educate their employees on the fundamentals of cyber security. Once educated, enterprises need to trust that their employees understand and prioritise security. A significant amount of their workforce is now likely to be working via home WiFi networks, or even public WiFi networks. Accessing the digital corporate environment from these networks is significantly less likely to be secure than the office-based ones, so employers need to exercise trust in their employees that they are taking the precautions necessary to keep the corporate network safe: Avoiding public WiFi where possible, changing the password on their home WiFi network regularly, as well as ensuring that any security tools their employers invest in are accurately installed and regularly updated on the device they are using for work. All of these activities, should they not be undertaken appropriately, could result in a breach and damage the trust relationship between employee and employer. The standard controls set out in government standards like the UK\’s Cyber Essentials scheme protect against the majority of attacks and do not require expertise or large investment to implement.
The landscape for attack is much broader now and we have seen an increase in security breaches because hackers understand this and are taking advantage of the opportunity. This is a period of transition into what is likely to be a new norm for the workplace. It\’s important to remember that remote working is not inherently insecure. It just needs to be approached correctly.
Criminals are evolving their ransomware techniques and trying to send a signal that organisations should cave in to their demands and pay up quickly when extorted. The fact that criminals now routinely steal data before encrypting it with ransomware is a troubling trend that will only increase. This means that even if the affected organisations have backups in place, they can be extorted to not have their information released publicly, or sold to other parties. It\’s why it\’s important for all organisations to have a comprehensive and layered security strategy that encompasses technical controls, procedures, and trains staff appropriately.