For years, ransomware attacks involved the encryption of a victim's files and a simple transaction: Pay the money, get the decryption key. But some attackers also dabbled in another approach—not only did they encrypt the files, but they stole them first and threatened to leak them, adding leverage to ensure payment. Even if victims could recover their affected data from backups, they ran the risk that the attackers would share their secrets with the entire internet.
Today, incorporating extortion is increasingly the norm. And ransomware groups have even taken it a step further: the cybercriminal group Babuk, for one, focuses completely on data theft and extortion and does not bother to encrypt files at all. They're thieves, not captors.
“Data encryption is becoming less of a part of ransomware attacks for sure,” says Brett Callow, a threat analyst at the antivirus firm Emsisoft. “In fact ‘ransomware attack’ is probably something of a misnomer now. We’re at a point where the threat actors have realized that the data itself can be used in a myriad of ways.”
The same day Apple was set to announce a slew of new products at its event, ransomware gang REvil said they had stolen data and schematics from Apple supplier Quanta Computer about unreleased products, and that they would sell the data to the highest bidder if they didn’t get a $50 million payment. As proof, they released a cache of documents about upcoming, unreleased MacBook Pros. They've since added iMac schematics to the pile.
The connection to Apple and dramatic timing generated buzz about the attack. But it also reflects the confluence of a number of disturbing trends in ransomware. After years of refining their mass data encryption techniques to lock victims out of their own systems, criminal gangs are increasingly focusing on data theft and extortion as the centerpiece of their attacks—and making eye-popping demands in the process.
A company like Apple would presumably take the threat of leaking intellectual property seriously. But nonprofits, especially those that hold sensitive data from donors, have even more incentive to pay if they think it will help cover up an incident. And given that organizations have historically often paid ransoms in secret, a force that may push even more transactions in that direction will only increase the challenge of getting a handle on ransomware gangs. The Justice Department said on Wednesday that it is launching a national task force aimed at addressing the ever-rising threat of ransomware.
Given how aggressively ransomware has evolved—and on an international scale—they'll have their hands more than full.
So what can you do to help get ahead of cybercriminals? Artificial intelligence (AI) is increasingly being used in what's called Human Layer Security. By learning the behaviors of employees, Human Layer Security can help prevent data loss through employee mistakes, like falling for a phishing attack that gives hackers access to the entire donor database. For nonprofits, that solution is Gravyty Guard.
Blanket data loss prevention solutions don't fit the specific needs of nonprofits. As the leading provider of AI for fundraising, Gravyty's AI understands how nonprofits operate and can help prevent possible data breaches that traditional software wouldn't catch.