Hackers who use ransomware to conduct their attacks have a new trick up their sleeves. A ransomware family has begun employing the tactic of not only demanding payment to unlock infected systems, but also demanding an additional payment.
They're demanding an extra payment to keep them from publishing copies of the files they stole before encrypting everything.
Hackers have been making the claim for years that they were doing more than just encrypting files, but actually exfiltrating data too. It wasn't until recently, though (November 2019) that a group actually published stolen data as proof that this was, in fact, occurring.
Although this tactic is only currently in use by a hackers deploying the Ako Ransomware, you can bet that the idea will spread like wildfire. After all, there's no real downside as far as the hackers are concerned, and they can coax a bit more money out of the companies, individuals, and organizations they successfully attack.
Bleeping Computers recently interviewed an Ako operator, who confirmed that the tactic was in use and had been successful. The operator said that the tactic was only used on certain victims, depending on the size of the company and the type of data that was stolen. They were very upfront and matter of fact about it.
This underscores two important points:
First, ransomware attacks are data breaches. The hackers aren't just encrypting your files, they're making off with copies too.
Second, backups are incredibly important! Having up to date backups won't prevent a hacker who successfully breaches your system from releasing the data they stole if you don't pay. At the very least, however, you can get your company up and running again in short order without having to pay to have your files decrypted. Sadly, too many companies still don't have a robust backup plan in place. If that describes your company, it's well past time to change that.
The risks are tremendous, and they are growing.