fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Scam PSA: Ransomware Gangs Don’t Always Delete Stolen Data When Paid

Scam PSA: Ransomware Gangs Don’t Always Delete Stolen Data When Paid

Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom.

In 2019, the Maze ransomware group introduced a new tactic known as double-extortion, which is when attackers steal unencrypted files and then threaten to release them publicly if a ransom is not paid.

Now, not only are victims being extorted through the encryption of their files but also by the risk of their data being published and causing a data breach.

This tactic was quickly adopted by other ransomware operations, who began to create data leak sites used to publish victims’ stolen files.

As part of this double-extortion tactic, most ransomware operations require a victim to pay a single ransom that will provide both a decryptor for their encrypted files and a promise not to share and to delete stolen files.

Some ransomware operations, like AKO/Ranzy, demand two ransom payments, one for the decryptor and another not to publish stolen data.

Also Read: Computer Misuse Act Singapore: The Truth And Its Offenses

Ransomware gangs not keeping their promise

In the Coveware Q3 2020 ransomware report released today, we learn that some ransomware gangs do not keep their promise to delete stolen data after a ransom is paid.

According to the new report, certain groups are leaking stolen data after a ransom was paid, using fake data as proof of deletion, or even re-extorting a victim using the same data that was paid not to be released.

  • Sodinokibi: Victims that paid were re-extorted weeks later with threats to post the same data set.
  • Netwalker: Data posted of companies that had paid for it not to be leaked
  • Mespinoza: Data posted of companies that had paid for it not to be leaked
  • Conti: Fake files are shown as proof of deletion

Maze, Sekhmet, and Egregor, who appear to be all related, were also mentioned as having a problem keeping data secret after getting paid. In a conversation with BleepingComputer, Coveware’s CEO Bill Siegel explained that as Maze grew larger, their operation became disorganized, and the victim’s data was mistakenly posted on the data leak site.

Siegel also told BleepingComputer that Conti used file-sharing sites to share proof of stolen data with victims. When uploading data to these sites, removal links are also generated that allow anyone with the link to remove the uploaded data.

According to Siegel, Conti provided victims fake removal links after a ransom was paid that contained dummy data and not the victim’s actual data. These links were meant to trick the victim into thinking their data was deleted, when in reality, Conti continued to hold on to the data.

Unlike a ransomware decryptor, which a threat actor can’t take away once given, there is no way for a victim to know for sure if a ransomware operation is deleting stolen data after a ransom payment is made.

Also Read: PDPA For Companies: Compliance Guide For Singapore Business

Due to this, Coveware told BleepingComputer that it does not make sense to pay a ransom as there is no way to know for sure it will not be used to extort you further in the future.

With this in mind, Coveware tells victims to expect the following if they do decide to pay, so their data is not released:

  • The data will not be credibly deleted. Victims should assume it will be traded to other threat actors, sold, or held for a second/future extortion attempt
  • Stolen data custody was held by multiple parties and not secured. Even if the threat actor deletes a volume of data following a payment, other parties that had access to it may have made copies so that they can extort the victim in the future
  • The data may get posted anyway by mistake or on purpose before a victim can even respond to an extortion attempt

Companies should automatically assume that their data has been shared among multiple threat actors and that it will be used or leaked in some manner in the future, regardless of whether they paid.

Instead, companies should treat the attack as a data breach and properly inform all customers, employees, and business partners that their data was stolen as required by law.

Doing this makes the companies look better for trying to do the right thing and gives those who were exposed the ability to monitor and protect their accounts from fraud.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us