Recent ransomware threats leveled at President Trump, Lady Gaga and Madonna have raised awareness of the need not only to better secure data but also to devote more resources to determining what data has been exposed on the Dark Web.
The cybercriminals who make up the REvil (Sodinokibi) ransomware gang this week launched an auction site where they plan to sell stolen data they were unable to ransom. Previously, REvil claimed to have stolen data from Grubman Shire Meiselas & Sacks, a law firm that primarily serves celebrities, and Agromart, an agricultural company based in Canada. Other apparent victims include Wartman Law Firm, Fraser Wheeler and Courtney LLP and Vierra Magen Marcus LLP.
While REvil has launched a series of high-profile attacks, it’s not clear how sensitive the stolen data really is. It’s likely most of the data will be of more interest to rivals of the law firm seeking to understand how business deals were structured than to anyone hoping to discover a salacious piece of information about a celebrity or public figure.
DarkOwl, a provider of a search engine service optimized for the Dark Web, has been providing regular updates on the activities of the REvil (Sodinokibi) ransomware gang. However, DarkOwl CEO Mark Turnage warns there are plenty of other cybercriminals offering all kinds of data for sale, often without the affected organizations knowing anything about it. As cybercriminals have become more adept at identifying data that might be of interest to specific parties, Turnage said the effort to either extort money or outright sell data on the Dark Web has become more sophisticated.
Naturally, some organizations will elect to ransom their data in the hopes that cybercriminals honor their pledge. Other organizations, however, will elect to not pay ransom. After all, no one can be sure the cybercriminals actually have the data they claim or whether it is of any real value. No one can be sure the criminals won’t ask for more money at a later date, either. Claiming to have certain data that never existed is becoming part of larger disinformation campaigns that are being launched via the Dark Web, Turnage noted.
Savvy organizations are first proactively monitoring the Dark Web to determine if their data is already for sale or if they are about to become a target. In the former case, organizations can minimize those threats by alerting customers and changing the terms and conditions of a contract to render the stolen data moot. Organizations that discover they are about to become a target can then strengthen their defenses in the hopes that by being forewarned, they will be forearmed, he said.
Regardless of the motivation, Turnage said organizations large or small can no longer afford to ignore the Dark Web. Organizations need to put in place some form of early warning system that surfaces data breaches while there is time to minimize the damage, he noted.
There isn’t likely to be anything that approaches perfect security anytime soon. As such, organizations need to assume data is going to fall into the wrong hands. The question now is how to respond once a data breach rears its ugly head.