Ransomware operators have increasingly turned to threatening companies with the release of stolen data to force more ransom payments. Stealing data requires the threat actors to stay undetected for a longer period of time while they locate and access the most valuable data sources at a victim company. It is always important to keep anti-virus solutions up-to-date in order to protect against ransomware. Anti-virus can’t stop targeted attacks, however, because the threat actors often change the malware to be unique and ensure that it isn’t detected by anti-virus just before deploying it. Companies should also consider adopting an EDR (Endpoint Detection and Response) plan as part of their defense-in-depth strategy because it can detect attacker behaviors and give analysts a chance to respond before serious damage is done. SOC (Security Operations Center) analysts at Binary Defense work around the clock to monitor client workstations and detect threats to stop them before they become a bigger issue. Keeping secure backups of files offline should also be considered so that they can be recovered if they happen to be compromised.

Source: https://securityaffairs.co/wordpress/98694/malware/sodinokibi-kenneth-cole-data-breach.html