Ransomware attacks shift focus to data extortion, US expert warns

Ransomware attacks shift focus to data extortion, US expert warns

By Kuksung Nam, The Readable
Mar. 21, 2024 9:12PM GMT+9

An expert at a United States cybersecurity firm highlighted on Wednesday that ransomware attackers are increasingly focusing on exfiltrating victims’ data rather than encrypting it, aiming to maximize their financial gains.

Steve Ledzian, Chief Technology Officer for Asia Pacific and Japan at Mandiant, a cybersecurity firm owned by Google, observed a shift in the cyber threat landscape, particularly targeting cloud services. Drawing on a report issued by Google Cloud last month, the CTO highlighted changes in ransomware attackers’ tactics.

Steve Ledzian, Chief Technology Officer for Asia Pacific and Japan at Mandiant, a Google-owned cybersecurity firm, discusses the evolving threat landscape at a press briefing on Wednesday. Photo by Kuksung Nam, The Readable

In addition to traditional ransomware attacks, where cybercriminals encrypt victims’ data and offer decryption in exchange for payment, attackers are now also stealing critical data from servers and threatening to publicly disclose it. The impact of such data exposure can vary depending on the nature of the victim’s organization but often results in more severe consequences than mere service disruption, including but not limited to reputational damage and potential regulatory or legal repercussions.

The report highlights that LockBit, one of the most prolific ransomware groups, stole data from Taiwan Semiconductor Manufacturing Company (TSMC) and posted it on their leak site in July 2023. The cybercriminals demanded $70 million, threatening to either destroy the stolen information or release it to the public if their demands were not met. International law enforcement officials disrupted the ransomware group last month.

The expert revealed that they have observed instances where attackers skipped the encryption step entirely, opting instead for direct data extortion. As cybercriminals refine their focus on data extortion, the CTO cautioned that they might begin targeting the clients of their initial victims, harassing them for further financial gain. He emphasized the potential threat this poses to the Asia-Pacific region, noting that ransomware attacks have been detected across the region on a monthly basis.

Ledzian remarked, “It is more accurate to view today’s ransomware as being human beings rather than being merely malware. It’s not just about malware infiltrating someone’s email and affecting their laptop. Instead, it involves a human hacker breaching an organization’s network. They navigate through the network to locate critical servers and then encrypt those servers simultaneously for maximum impact.”


This article was copyedited by Arthur Gregory Willers.

Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.