CAN A RANSOMWARE ATTACKER COMPLAIN ABOUT ITS VICTIM?

That appears to be just what happened. A ransomware group took the highly unusual step of filing a complaint to get its victim to pay up. In this BlogBytes we will delve into this extraordinary circumstance and discuss the wicked world of ransomware and how to safeguard your organization and data, including the essential protection offered by LTO tape technology.

UNUSUAL RANSOMWARE COMPLAINT

As reported in an arstechnica.com article, a ransomware organization called AlphV said it filed a complaint with the US Securities and Exchange Commission (SEC) in an apparent attempt to make the breach more public and so put pressure on its victim to pay up. The SEC apparently has adopted a rule that states publicly traded firms must file a disclosure with the SEC upon learning of a security breach that has impacted their business. AlphV reported that its victim had been hacked, by AlphV, but hadn’t disclosed it. Now that’s a twist.

Interestingly, as described in a TechTarget.com article, AlphV was apparently one of the most active ransomware extortion groups last year. The TechTarget article points out that a number of the firms targeted by ransomware attacks in 2023 were healthcare organizations. Lehigh Valley Health Network (LVHN) was another victim of an AlphV/BlackCat attack and stated, “BlackCat demanded a ransom payment, but LVHN refused to pay this criminal enterprise.” Subsequent to LVHN’s refusal to pay the ransom demand, “BlackCat operators leaked nude photos of cancer patients to increase the pressure.” LVHN notified its clients of the breaches. Following these incidents, as relayed in the article, “The Department of Justice announced that the FBI seized several websites that belonged to the Alphv/BlackCat ransomware gang and developed decryption tools to help victims recover.”

PROTECT YOUR ASSETS

It is an unfortunate reality that sooner or later most organizations will experience a cyber-breach of their infrastructure and data. These assaults can overwhelm a company through loss of business, loss of productivity, disruption to customers, and the cost of recovery. Technology Magazine.com recently published 10 ways to protect your organization and assets from cyber-threats. The list includes:

  • Have a response plan in place
  • Conduct regular security audits
  • Use antivirus and anti-malware software
  • Train employees on cybersecurity awareness
  • Back up data regularly

Backing up data on a regular basis is a critical step to protect information, to recover from the inevitable cyberattack and to limit the damage. While it is very difficult to stop double extortion once your data has been compromised, experts still recommend keeping copies of your data securely offline using tape technology. What makes tape a key weapon in the fight against ransomware is that you can place your data behind a physical, disconnected air-gap barrier. It is the final part of the 3-2-1-1 rule, which proposes that users should maintain three copies of their data, on at least two different media types, with one stored offsite and one stored offline.

In the event of a double extortion attack, and bearing in mind that in many cases, data is published regardless, at least you then have a choice. You can deal with the known consequences of a data breach while recovering all of your data from good tape copies.

In turn, this could mean that you can ignore the ransomware demands because you are able to recover the data and focus instead on improving your cyber security defenses. And that matters because even paying the ransom is no guarantee of recovering your data.

The Veeam Ransomware Trends 2023 report, encompassing 1200 organizations, offers a sobering perspective: one in four organizations surveyed paid the ransom but were left empty-handed when it came to data restoration. Veeam’s findings also revealed that almost 50% of all production data was targeted with ransomware. It concluded that:

“2 out of 5 pieces of data your company relies upon was affected, including databases, sensitive files and email accounts, which are lost in the average attack”

LTO tape technology provides essential support here. When an LTO data cartridge is removed from the tape drive, an air gap is created between the data and the system. The air gap prevents cyber access, which makes the tape data inaccessible and cyber-safe. Offline, air-gapped tape storage protects the data from being stolen, destroyed or held for ransom. In addition, LTO tape technology supports data encryption to further protect sensitive information.
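
The 3-2-1-1 rule and the air-gap point above can be checked mechanically against a backup inventory; the following Python audit is an added example, not part of the original article or any vendor tool. The inventory field names, the sample records and the primary site name are constructed assumptions, and it assumes the production copy counts toward the three copies and that a tape cartridge is "offline" only once it is out of the drive.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical field names, not real data).
# "attached" is True when a volume is mounted or a cartridge is still in a drive.
INVENTORY = [
    {"dataset": "finance-db", "medium": "disk", "site": "hq", "attached": True},
    {"dataset": "finance-db", "medium": "disk", "site": "hq", "attached": True},
    {"dataset": "finance-db", "medium": "lto", "site": "vault", "attached": False},
    {"dataset": "mail", "medium": "disk", "site": "hq", "attached": True},
    {"dataset": "mail", "medium": "cloud", "site": "region-b", "attached": True},
    {"dataset": "mail", "medium": "lto", "site": "hq", "attached": True},
]

PRIMARY_SITE = "hq"  # assumed name of the production site


def audit_3211(inventory, primary_site=PRIMARY_SITE):
    """Return {dataset: [unmet clauses]}; an empty list means the rule is met."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    report = {}
    for name, copies in sorted(by_dataset.items()):
        gaps = []
        if len(copies) < 3:
            gaps.append("fewer than three copies")
        if len({c["medium"] for c in copies}) < 2:
            gaps.append("fewer than two media types")
        if not any(c["site"] != primary_site for c in copies):
            gaps.append("no offsite copy")
        # A tape left in the drive is still reachable, so it is not an air gap.
        if not any(not c["attached"] for c in copies):
            gaps.append("no offline copy")
        report[name] = gaps
    return report


if __name__ == "__main__":
    for dataset, gaps in audit_3211(INVENTORY).items():
        print(dataset, "OK" if not gaps else "FAIL: " + "; ".join(gaps))
```

In the sample, the mail dataset has three copies on three media with one offsite, yet still fails because its only tape is sitting in a drive.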

CHECK OUT THIS RANSOMWARE VIDEO

When it comes to cyber-warfare and its unusual twists and turns, an organization must take the necessary steps to protect itself. To learn more about defending against ransomware assaults, see this short video.