"Which Stolen Data Are Ransomware Gangs Most Likely to Disclose?"

Security researchers at Rapid7 set out to answer the following research question: "if your organization gets hit by a ransomware gang that has also managed to steal company data before hitting the encrypt button, which types of data are more likely to end up being disclosed as you debate internally on whether you should pay the ransomware gang off?" The researchers analyzed 161 data disclosures performed by ransomware gangs using the double extortion approach between April 2020 and February 2022. They found that the most commonly leaked data is financial (63%), followed by customer/patient data (48%). Files containing intellectual property (e.g., trade secrets and research data) are rarely disclosed (12%) by ransomware gangs, but if the organization is part of the pharmaceutical industry, the risk of IP data being disclosed is considerably higher (43%). The researchers noted that this is likely due to the high value placed on research and development within this industry.

The researchers said that the data most often disclosed depends on which sector is breached. They found that victims in the financial services sector should mainly worry about customer data being released: it happened in 82% of the analyzed cases, while the average percentage for all disclosures across all sectors is 41%. The researchers noted that stolen employee PII and HR data, as well as finance and accounting data, are also leaked often (59% and 50%, respectively). Victims in the healthcare sector have their finance and accounting data leaked in 71% of cases and their customer and patient data leaked in 66% of cases. Organizations in the pharma sector should worry especially about their IP being released, as well as their finance and accounting data (71%).

The researchers advise companies to make backups and ensure the data in them can be quickly restored. They also noted that organizations should counter the data disclosure threat by using file encryption, which renders files unreadable to unauthorized eyes, and should minimize attackers' movements via network segmentation.

 

Help Net Security reports: "Which Stolen Data Are Ransomware Gangs Most Likely to Disclose?"
