Data breaches are down almost 25 percent this year — but it’s no cause for celebration: Cyber thieves have simply changed their game, and are now holding your data ransom instead of selling it. How does this affect your cloud storage and the safety of your personal data?
Cyberattacks such as WannaCry, NotPetya and Bad Rabbit “caused chaos across industries without compromising records,” noted the new IBM X-Force Threat Intelligence Index 2018, released last week. Global losses from WannaCry last year — including direct payments, downtime, and other business impacts — are estimated at more than $8 billion, according to a report by Reinsurance News.
“The hackers are just following the money,” said Paul Griswold, director of strategy and product management with IBM X-Force. “And from their perspective, ransomware is hopefully more profitable. Rather than having to steal records and then sell those records, they can just lock up your data with ransomware and get money directly from you.”
Criminals have so much compromised data available to them on the black market right now that it’s getting harder for hackers to monetize the records they steal, digital security experts tell NBC News. It’s simple supply and demand: The glut of stolen information has reduced the value of new stolen records.
“As a criminal, I would much rather simply compromise your organization, lock up your files, collect tens of thousands of dollars in a matter of a day or two, rather than try to glean all of your customers’ data, find a willing buyer for it and wait to get paid. The economics just make much more sense,” said Al Pascual, head of fraud and security at Javelin Strategy & Research.
Here’s the rub: Even if you pay the ransom, there’s no guarantee you’ll get the key to decrypt your files. Sometimes ransomware can’t be unlocked, if it’s not designed with a key, said Pascual. That’s why it’s critical to be prepared for the worst by backing up important files.
Successful cybercriminals were able to take advantage of human error and mistakes in infrastructure configurations to launch their attacks last year. Hackers are finding and exploiting misconfigured cloud servers and network backups to harvest both personal information and corporate secrets.
These infrastructure mistakes were responsible for exposing nearly 70 percent of all compromised records tracked by IBM X-Force in 2017. That’s more than 2 billion records, an increase of 424 percent from 2016.
This is dire news indeed, and it seems that data breaches, black market data trading and hacking tool development is going to skyrocket in the future as large amounts of data start gaining more and more value.