Ransom Paid, Data Leaked Anyway

Stealing sensitive data is now routine for ransomware attackers, who threaten to release it if the ransom isn’t paid. Victims of ransomware attacks have very little leverage, and if they use what leverage they have to negotiate the price down, a gang like BlackMatter might take revenge. That’s exactly what happened to an unnamed company when BlackMatter ransomware group used a phishing email to compromise the account of a lone victim. The attackers had access for at least a few weeks before systems were encrypted and a ransom was demanded. Cybersecurity experts urge victims not to pay for a decryption key because this only shows hackers that such attacks are effective, but the unnamed company beat the price down by half and paid up in Bitcoin. Apparently the attackers were miffed by the negotiation process, and leaked the data a few weeks later. Security responders from Barracuda helped the victim isolate the infected systems, bring them back online, and restore them from backups. After an audit of the network, multi-factor authentication (MFA) was applied, suggesting that a lack of MFA helped the attackers gain access in the first place. According to Barracuda, ransomware attacks are on the rise, but fewer victims are paying ransom.