The Double Whammy: Ransomware + Data Exfiltration

What Other Industry Will Often Pay Extortion Requests?

And so Blackbaud — the latest company to be hit by ransomware — announced:

“Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.”

Honestly? You can trust a cybercriminal to delete all the data they captured?

APT + Ransomware + Data Exfiltration

So the Lockheed Martin Kill Chain model defines a weaponization process. For a cybercriminal, this weapon increasingly has two attack methods: ransomware and data exfiltration. The way in can vary, and many of the more serious attacks are not focused on blindly phishing an organisation, but on targeting it with an APT (Advanced Persistent Threat). An intruder thus finds a way into the organisation's infrastructure, and then waits for a while and observes. Their blunt weapon is ransomware, but they hold this back, as once it is deployed they will have to leave, and the defence systems will go into overload. Before they leave, their task is to steal sensitive data from the organisation, either to sell back to the organisation or to sell for malicious reasons. Once they have that, they will often disable…

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.