The Zeppelin ransomware gang has joined the ranks of ransomware strains (Maze, REvil (Sodinokibi), Snatch, and the now-defunct Merry Christmas) that collect and steal a victim’s data before encrypting files.
New Zeppelin Ransomware Brings Companies To A Halt https://t.co/hoInPE1Ryn pic.twitter.com/xgu471bSBy
— RSSFeedsCloud (@RSSFeedsCloud) December 31, 2019
Attackers have been stealing data prior to launching ransomware attacks for many years already, but this trend has become even more well-organized, systematic and persistent.
Malware with built-in mechanisms to steal and then encrypt data will likely mushroom in the near future. There are two vectors to every exploit of attack. The first is to get ransom money and the second is to get money by selling data. This particular form of malware will ensure that at least one vector will be profitable to cybercriminals.
The problem for organizations is that now, in accordance with most of the data protection and privacy laws, they will likely be required to indemnify customers who have fallen victim and whose data was affected in a ransomware attack.
Previously, most organizations merely announced ransomware incidents as minor concerns, solely affecting data availability but not confidentiality or integrity. Today, given the multifaceted approach taken by the attackers, downplaying the importance of a ransomware incident is unlikely to succeed, triggering a protracted chain of investigations and legal ramifications.
Keeping an up2date, comprehensive and holistic inventory of your digital assets, enhanced with continuous security monitoring and Dark Web surveillance, is a key to avoid falling victim to ransomware, most of which exploit known vulnerabilities in abandoned, legacy or shadow systems which then cause a domino effect.