New Ransomware strategy: pay ransom or publish data!

M.Sc. Chris Wojzechowski

New Ransomware strategy: pay ransom or publish data!

The new Ransomware strategy can result in a rattail of costs for those affected. The affected data will now be published if no ransom is paid. Depending on the criticality of the data, this publication may entail further costs. A DSGVO offence could then be the coffin nail.

REvil Ransomware wants to publish data if not paid.

Criminals also constantly come up with something new. And there are hardly any limits to creativity. That shows the current trend of Ransomware. Before the data is encrypted, the cyber criminals steal it. The victim does not want to pay the demanded ransom payment

Then the data is either publicly released or sent to a competitor. From the point of view of the Ransomware developers, this is more promising than simply decrypting the data again. This trend leads to Ransomware attacks becoming data leaks.

In hospitals, practices and other medical facilities, which are rarely as well positioned in the IT security sector as companies in the high security sector, one incident can be the last. Personal and particularly sensitive data, such as membership of a religion or the degree of disability, should not be made accessible to third parties. A recent fine imposed on a hospital in Rhineland-Palatinate shows that incorrect handling of information can quickly become expensive. 105,000 EUR expensive.

The new Ransomware strategy has the same vulnerability as any malware: the human!

For years technical systems have been developed to keep malware out. However, they never promised 100% security. Increasing digitalization makes it increasingly difficult to maintain a 360° overview of the infrastructure, devices and network.

Since most cyber attacks use email as a gateway, solutions are popular – but the one or other phishing email or mail with malware still gets through. This residual risk can only be reduced by informed and trained employees.

Photo of author

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I studied my Master in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager, IT-Grundschutz practitioner (TÜV) and possess the test procedure competence for § 8a BSIG. Our bread and butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.