BitPyLock Ransomware Now Threatens To Publish Stolen Data

As reported by Bleeping Computer, a new ransomware called BitPyLock has quickly gone from targeting individual workstations to trying to compromise networks and stealing files before encrypting devices. BitPyLock was first discovered by MalwareHunterTeam on January 9th, 2020 and has since seen a trickle of new victims daily. In this recent version, the actors have changed their targeting to focus on network compromise and the claims of stealing data before encrypting devices.

Experts Comments

January 23, 2020
Ameesh Divatia
Co-Founder & CEO
Baffle
Data is the new ‘oil’, the most important asset that an organization has, making it a lucrative target for bad actors. The vast majority of high-profile breaches result from the fact that companies are already compromised. A data-centric protection strategy is a foolproof approach to thwarting smash and grab data exfiltration operations. It starts with deciding what data to retain, followed by protecting it as it is ingested. Encryption at the record level is a data transformation.....Read More
Data is the new ‘oil’, the most important asset that an organization has, making it a lucrative target for bad actors. The vast majority of high-profile breaches result from the fact that companies are already compromised. A data-centric protection strategy is a foolproof approach to thwarting smash and grab data exfiltration operations. It starts with deciding what data to retain, followed by protecting it as it is ingested. Encryption at the record level is a data transformation technique that will protect data at all times as long as the key and the data never come together creating a ‘fail-safe’ mechanism. The next and most difficult step is to share that data responsibly with third parties, using other transformation techniques, like masking and tokenization, will prevent sensitive data from being exfiltrated. Finally, with new capabilities such as privacy-preserving analytics, it is now possible to process that protected data without compromising privacy.  Read Less
January 22, 2020
Jake Moore
Cybersecurity Specialist
ESET
Ransomware has become one of the most powerful financially driven weapons used by malicious actors, and if companies continue to pay, it will continue to haunt us for a while longer yet. Coupled with extorting data, it’s becoming an epidemic. Companies need to prepare for the worst and simulate an attack such as this to really locate where the vulnerabilities lie. Losing data to encryption is one thing, but losing it in clear text to the dark web is another level altogether. Encrypting.....Read More
Ransomware has become one of the most powerful financially driven weapons used by malicious actors, and if companies continue to pay, it will continue to haunt us for a while longer yet. Coupled with extorting data, it’s becoming an epidemic. Companies need to prepare for the worst and simulate an attack such as this to really locate where the vulnerabilities lie. Losing data to encryption is one thing, but losing it in clear text to the dark web is another level altogether. Encrypting personally identifiable information in business is the best protection on such important data. This will mitigate the risk of it being compromised and exposed online.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.