Traditional ransomware encrypts a victim’s data and demands a ransom payment to decrypt it. Companies are able to defend against traditional ransomware by maintaining an up-to-date, secure backup so that files can be restored without paying criminals. The attackers behind the Maze ransomware and Sodinokibi (REvil) ransomware have changed tactics by stealing a copy of the victim’s data before encrypting it. If the victim refuses to pay the ransom, the attackers leak the stolen data little by little, hoping to force ransom payments. Now another criminal group has indicated it will adopt the same approach: the group behind the Nemty ransomware has outlined plans to create a blog where the stolen data would be leaked. The theory is that a victim might be more apt to pay the ransom than face possible fines, loss of business, a tarnished brand image, breach notification costs and potential lawsuits if the data is leaked.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is