Leakware

1st March 2021 | Cybrary

Leakware, also known as Doxware, is a new more potent, and dangerous form of ransomware. When a ransomware Attack containing Leakware occurs, the attacker threatens to publicize personal data (confidentiality attack) from the victim’s hard drive unless the ransom is paid. This is in addition to the encryption of their files (availability attack).

For those who don’t know, ransomware is a type of malicious software designed to block access to a computer system, and more importantly, the critical data it contains until a sum of money or ransom is paid. Attackers ask for payment in bitcoin, making the payments largely untraceable by investigators. Bitcoin plays an important role in the growth of ransomware attacks because it shields hackers from being caught through the electronic payments they receive. This very anonymity led the US Treasury department to deem ransom payments illegal.

US Department of Treasury Makes Bitcoin Ransom Payments Illegal

It is this payment anonymity that led the US Treasury department to make it illegal to pay a bitcoin ransom in the US as of Oct. 1st, 2020. Their argument is that you might be paying a terrorist organization which is 100% illegal.

Over the past year, this strain of ransomware has been becoming increasingly popular among hackers. One popular strain goes by the name of Maze Ransomware. Maze and other new strains represent a triple threat to a user’s data security. In addition to encrypting your files (an availability attack), These hackers also have access to your data and can change it (an Integrity attack). Importantly, for companies that refuse to pay their ransom, MAZE exports their data and releases it to the Internet jeopardizing your data’s confidentiality. CyberHoot predicted this will force companies to pay their bitcoin ransom despite being able to restore their data from backups. However, as noted earlier, paying such a ransom is illegal, putting companies in a no-win situation.

What Should My SMB Do?

If you own a business, you need to be doing these things to protect your sensitive information:

Govern employees with policies and procedures. You need a password policy, an acceptable use policy, an information handling policy, and a written information security program (WISP) at a minimum.
Train employees on how to spot and avoid phishing attacks. Adopt a Learning Management system like CyberHoot to teach employees the skills they need to be more confident, productive, and secure.
Test employees with Phishing attacks to practice. CyberHoot’s Phish testing allows businesses to test employees with believable phishing attacks and put those that fail into remedial phish training.
Deploy critical cybersecurity technology including two-factor authentication on all critical accounts. Enable email SPAM filtering, validate backups, deploy DNS protection, antivirus, and anti-malware on all your endpoints.
In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections, etc) or prohibiting their use entirely.
If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.

Most of these recommendations are built into CyberHoot. With CyberHoot you can govern, train, assess, and test your employees. Visit CyberHoot.com and sign up for our services today. At the very least continue to learn by enrolling in our monthly Cybersecurity newsletters to stay on top of current cybersecurity updates.