Companies Start Reporting Ransomware Attacks As Data Breaches


Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about stolen data.

A tactic used by almost all enterprise-targeting ransomware is to steal unencrypted files before encrypting a breached network. The threat actors then use these stolen files as leverage by threatening to leak or sell the data if a ransom is not paid.

If a victim does not pay the ransom, the threat actors will publicly post the data on data leak sites created to shame the victim.

This tactic is used by almost all ransomware operations, including Maze, REvil, Netwalker, DoppelPaymer, CLOP, RagnarLocker, Nephilim, Ako, and others.

Ransomware attacks are data breaches

The data stolen in these attacks can be damaging to a company as it commonly includes financials, trade secrets, unpublished reports, and emails.

It can also be a massive problem for employees, though, whose social security numbers, passports, medical records, termination letters, bank accounts, salary information, and more are stolen in these attacks.

Unfortunately, many companies choose to sweep ransomware attacks under the rug and do not adequately disclose that personal data was stolen, even to employees who were affected.

Numerous times in the past, employees of ransomware victims have contacted BleepingComputer to learn more about what was stolen in an attack because the company they work for was denying it.

“Can you share what was stolen? We were just told that there were IT problems and they are denying any attack,” an employee of a breached company asked BleepingComputer.

Another employee contacted us after a company was hit with a ransomware attack where data was stolen and told us that their company was not providing any information.

“I have not received any word from anyone about the data breach. Management has been very quiet,” another employee told BleepingComputer in an email.

The denial of stolen data is not fair to employees, as the attackers could use their stolen personal information for identity theft and fraud. If an employee does not know what happened, they have no way to protect themselves.

Ransomware victims start issuing data breach notifications

The good news is that corporate victims are finally starting to issue data breach notifications when affected by a ransomware attack.

In addition, most of them offer free credit monitoring and identity theft protection to affected employees and clients so that they can be alerted if their data is used publicly or for fraud.

Some of the companies that BleepingComputer has seen issuing data breach notifications include:

RailWorks: US Railroad Contractor Reports Data Breach After Ransomware Attack

RailWorks Corporation disclosed a ransomware attack that led to the exposure of current and former employees’ personal information.

ExecuPharm: Clop ransomware leaks ExecuPharm’s files after failed ransom

ExecuPharm publicly disclosed a CLOP Ransomware attack and issued a notice of data breach letter to affected individuals.

Magellan Health: Healthcare giant Magellan Health hit by ransomware attack

Fortune 500 company Magellan Health Inc announced that they were a victim of a ransomware attack on April 11, 2020, which led to the theft of personal information.

Cognizant: IT giant Cognizant confirms data breach after ransomware attack

Cognizant suffered a Maze ransomware attack and later issued a series of data breach notifications.

Companies that issue data breach notifications should be lauded for not only doing what they are supposed to under privacy laws but also doing the right thing by their employees.

Victims who continue to hide their ransomware attacks should follow suit, not only for the benefit of their company but also for their employees.
