Positive Technologies experts: ransomware operators threaten to disclose stolen data unless the victims pay

Positive Technologies cybersecurity experts have summarized their findings for the last quarter of 2019 in the report Cybersecurity Threatscape Q4. They found that the number of cyber attacks increased by 12 percent in comparison to the previous quarter, and that payment card information comprised almost a third (32 percent) of all data stolen from organizations. The report indicates that the share of targeted attacks increased by two percentage points versus the previous quarter, and now makes up 67 percent of all attacks.

Experts also found a growing number of advanced persistent threat (APT) attacks against individuals and governments. In autumn 2019, the Positive Technologies ESC (Expert Security Center) identified 17 attacks by the Gamaredon group, targeting state institutions and military and defense-related organizations in Ukraine. In December, the Bisonal group attacked government institutions in Mongolia, South Korea, and Russia. In the last quarter of 2019, Positive Technologies Expert Security Center (PT ESC) also recorded attacks by APT groups such as TA505, Sofacy (APT28), Donot (APT-C-35), Cloud Atlas, Bronze Union (LuckyMouse, APT27), Leviathan (APT40), SongXY, Cobalt, and RTM.

Overall, the most frequently attacked industries remain the same as in the previous quarter: government institutions, manufacturing, healthcare, finance, and education. Experts have also seen a two-fold increase in attacks on IT companies and retail businesses.

Payment card information made up almost a third of all data stolen from organizations (32 percent). This is 25 percentage points more than in the previous quarter. Experts believe this increase was caused by the peak shopping season during Christmas, the growing number of MageCart attacks, and the second wave of attacks on the Click2Gov service, which is popular in the U.S.

Ransomware on the increase as tactics change

The experts' analysis indicated that ransomware is increasingly dangerous to both organizations and individual users. The percentage of ransomware attacks has grown: 36 percent for organizations and 17 percent for individuals, versus 27 percent and 7 percent, respectively, in the previous quarter. Sodinokibi, Maze, Ryuk, and Bitpaymer ransomware are among the most aggressive malware used by attackers.

The ESC also found a worrying new trend: ransomware operators are now holding data hostage, threatening to disclose stolen information to third parties unless the victim pays the ransom.

According to Positive Technologies analyst Yana Avezova, "Companies have started paying more attention to making backups in the case of an attack. Attackers have become aware of this and now threaten their victims with further consequences by leaking their personal data. We found several incidences where companies refused to pay the ransom, and the attackers followed through on their threat."