The latest ransomware ploy

Say your company has just been attacked by a ransomware gang, and they are demanding payment or they will do various criminal acts. So whom do you call first?

  1. The corporate security manager, to lockdown your network and begin the process of figuring out how they got in, what damage they have caused, and what your company needs to do to get back to normal operations,
  2. The chief legal officer, to activate law enforcement solutions,
  3. Your insurance agent, to find out the specifics of your cybersecurity policy and to begin the claims process
  4. The chief compliance officer, to begin the process of letting the various regulatory authorities know that a breach has occurred.

Ideally, you should make all of these calls in quick succession. But a situation involving a finserv firm’s ransom attack earlier this month has brought about a new wrinkle in what is now called the multipoint extortion games. This term refers to ransomware gangs using more than just encrypting your data as a way to motivate a company to pay up. Now they file a complaint with the SEC.

Say what? You mean that the folks who caused the breach are now letting the feds know? How is this possible? Read this story by Ionut Ilascu in Bleeping Computer for the deets. They have the victim on the record that they were breached, and information from the ransomware group seems to match up with a complaint that was filed with the SEC at about the same time period. So how annoyed were the ransomware gang that they decided on this course of action? The victim says they have contained the attack. The one trouble? Apparently the breach notification law doesn’t come into effect until next month that requires the mandatory disclosure. Someone needs to provide legal assistance to the bad guys and at least let them know their rights. (JK)

But seriously, if you have a corporate culture that prevents breach disclosure to your customers — at a minimum — now is the time to fix that and become more transparent, before you lose your customers along with the data that the ransomware folks supposedly grabbed.

This week on SiliconANGLE, I covered major security announcements adding AI features to the product lines of Microsoft, Palo Alto Networks, and Wiz. All are claiming — incorrectly — to be the first to do so.

One thought on “The latest ransomware ploy

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.