Cybercriminals are increasingly using exfiltration+encryption attacks to steal data from companies and public-sector organizations, according to anti-malware and antivirus software company Emsisoft. But organizations that understand how to identify and address these attacks can prevent them from causing downtime and data breaches.
Exfiltration+encryption attacks are problematic for several reasons, including:
- Brand Reputation Damage: Exfiltration+encryption attacks can hamper an organization's brand reputation and make it difficult to compete with industry rivals.
- Cost: Exfiltration+encryption attacks can disrupt everyday business operations and increase the risk of compliance fines and penalties.
- Risk of Future Attacks: Exfiltration+encryption attacks enable cybercriminals to steal sensitive information that they can use to launch spear-phishing, business email compromise (BEC) and other cyberattacks.
Meanwhile, an ID Ransomware analysis of 100,001 ransomware attack submissions revealed that, in the first six months of 2020, approximately 11 percent of ransomware attacks were launched by cybercriminal groups that tried to steal victims' sensitive data.
How to Guard Against Exfiltration+Encryption Attacks
Cybercriminal groups that exfiltrate data do not all operate the same way: some steal information and use the threat of its release to extort payments, while others steal data covertly, Emsisoft noted. Groups that steal data covertly may not exfiltrate as much information as other groups, but they may extract data that has significant market value or can be used to attack other organizations.
Ultimately, organizations must uncover ways to guard against exfiltration+encryption attacks. To help organizations detect and resolve these attacks, Emsisoft offers the following recommendations:
- Leverage multi-factor authentication (MFA).
- Deactivate Remote Desktop Protocol (RDP) unless it is required; if RDP is necessary, organizations must lock it down accordingly.
- Use network segmentation and email and web filtering tools.
- Deploy patches regularly.
- Disable PowerShell whenever possible.
- Implement security tools and processes to watch for indications of compromise.
- Conduct security awareness training.