An expert at a United States cybersecurity firm highlighted on Wednesday that ransomware attackers are increasingly focusing on exfiltrating victims’ data rather than encrypting it, aiming to maximize their financial gains.
Steve Ledzian, Chief Technology Officer for Asia Pacific and Japan at Mandiant, a cybersecurity firm owned by Google, observed a shift in the cyber threat landscape, particularly targeting cloud services. Drawing on a report issued by Google Cloud last month, the CTO highlighted changes in ransomware attackers’ tactics.
In addition to traditional ransomware attacks, where cybercriminals encrypt victims’ data and offer decryption in exchange for payment, attackers are now also stealing critical data from servers and threatening to publicly disclose it. The impact of such data exposure can vary depending on the nature of the victim’s organization but often results in more severe consequences than mere service disruption, including but not limited to reputational damage and potential regulatory or legal repercussions.
The report highlights that LockBit, one of the most prolific ransomware groups, stole data from Taiwan Semiconductor Manufacturing Company (TSMC) and posted it on their leak site in July 2023. The cybercriminals demanded $70 million, threatening to either destroy the stolen information or release it to the public if their demands were not met. International law enforcement officials disrupted the ransomware group last month.
The expert revealed that they have observed instances where attackers skipped the encryption step entirely, opting instead for direct data extortion. As cybercriminals refine their focus on data extortion, the CTO cautioned that they might begin targeting the clients of their initial victims, harassing them for further financial gain. He emphasized the potential threat this poses to the Asia-Pacific region, noting that ransomware attacks have been detected across the region on a monthly basis.
Ledzian remarked, “It is more accurate to view today’s ransomware as being human beings rather than being merely malware. It’s not just about malware infiltrating someone’s email and affecting their laptop. Instead, it involves a human hacker breaching an organization’s network. They navigate through the network to locate critical servers and then encrypt those servers simultaneously for maximum impact.”
