From Ransomware Attack to Data Breach…
Starting in 2019, attackers using ransomware developed a new way. According to this, attackers steal the victim's files before encrypting the computers and reveal this information to the public if he is not paid.
The risk for companies is quite high because the stolen information can include all financial information of the institution, personal data of employees and customers, and critical data about the organization. The most important thing that emerged with this public disclosure situation is; Organization going from a ransomware attack to a data breach state…
The latest example of this is when ransomware operators known as "Project Nemty" punished a large American company that did not pay them by sharing 3.5 GB of allegedly stolen information on the internet.
The transition from ransomware to data breach is an important point. The acceptance of this new method means that every ransomware attack must now be treated as a potential data breach. Data breach, on the other hand, is a situation that has serious penalties with laws and regulations.
With this new method, the attackers aim to have their victims pay themselves instead of paying data breach penalties and having their reputations destroyed.
I don't want to pay a ransom or suffer a data breach, what should I do?
If you do not want to face ransomware, the solution is not difficult. By taking the necessary precautions, you can easily protect yourself from such situations.
The most important thing to prevent ransomware attacks; It is user awareness, not high-level cyber security solutions, as everyone first thinks of it. The majority of attacks are e-mail-based phishing, unknown web pages, or downloading files and applications of unknown origin. With awareness training, it is possible to prevent such attacks, but even careful users can sometimes fall into such traps.
Therefore, make sure that your systems and applications are always up-to-date and use a reliable endpoint protection or antivirus solution by starting Awareness Trainings.
Source: BleepingComputer.com
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.