Many ransomware attacks aren't publicly disclosed. But as ransomware gangs continue to steal, encrypt and threaten to publicly release data, that finally may be changing.
The data theft and shaming tactic initiated by several ransomware groups, most notably Maze, has blurred the line between ransomware attacks and data breaches, forcing some enterprises into disclosing incidents when they would not normally go public.
Security researchers, analysts and IT risk assessors agree that companies most likely would not disclose a traditional ransomware attack unless legally required to do so. Jared Phipps, vice president of worldwide sales engineering for SentinelOne, said public disclosure of traditional ransomware attacks is rare. "I would say for every one ransomware incident that's disclosed, there's probably 100 that are not," he said. "A vast majority of ransomware attacks are undeclared because there is no data shaming involved."
But as attackers turn to stealing data and threatening public release on top of the ransomware attack, enterprises are left with fewer choices. While data shaming can lead to embarrassment for the victims, it's the data theft that ultimately compels them to go public.
Public disclosure is typically required when certain types of data are accessed or stolen, such as personally identifiable information (PII) and payment card industry (PCI) data.
Most U.S. states and many international regions have some form of breach disclosure requirement when personal and sensitive information of citizens has been accessed or revealed inappropriately, Rapid7 chief data scientist Bob Rudis said.
"Once attackers moved from encrypt and ransom to overtly steal, encrypt and threaten public disclosure (I say 'overtly' since it is likely many attackers who commit 'just' ransomware attacks also stole data), any organization that did not disclose the breach, in accordance with the regulations in the jurisdictions they operate in, would be liable to incur fines and other penalties, so it is highly unlikely they would have tried to keep the theft-and-ransom breaches involving citizen PII private," Rudis said via email. "However, in the theft-and-ransom cases where company secrets and other data not involving citizen PII were stolen, many organizations have chosen to walk the fine line of not revealing the breach and just paying the ransom to avoid embarrassment."
Full article on https://searchsecurity.techtarget.com/news/252485950/Data-theft-in-ransomware-attacks-may-change-disclosure-game
#ransomware #databreach #security #privacy #yokdata