Ransomware Gangs Resort to Corporate Blackmail
Industrial espionage is nothing new, and the targets are often executives or employees in sensitive positions. What’s new is how it’s conducted. It no longer involves wiretapping or on-site espionage through moles. It’s now conducted in cyberspace, through compromised networks leading to executive workstations, where practically everything is stored.
Within those workstations sit confidential information, business contracts, shady contacts, inappropriate images, cases of litigation and outright corporate gossip that can land any company in hot water. Sometimes this material can be more valuable than financial credentials, and it opens up corporate targets to extortion. Data can be recovered if properly backed up, but reputations are a different matter, especially in today’s cancel culture.
Ransomware gangs like Clop are no longer satisfied with holding data hostage and leaving companies in the mud when they choose not to pay. They have evolved to full criminal mode by adding blackmail to their list of crimes. They now threaten to publish stolen sensitive information on leak sites if they’re not paid. Companies today also can’t afford to be reported for a data breach, which these cybercriminals will be only too happy to do for them.
While all this sounds like outright data theft rather than ransomware, the two are quite close: data is stolen through software, and both discretion and data are held for ransom. This new trend among ransomware gangs spells bad news for corporations with skeletons in their servers, but even worse news for companies that are relatively dirt-free but can’t afford bad publicity. Skeletons or not, these gangs also resort to phone harassment of clients and vendors and post damning fabrications on social media. For companies without any dirty laundry, this problem will test how much cleverness and mettle their executives possess.
So far, the Clop ransomware operators are the only gang involved in this, but it won’t be long before others decide to throw out that unwritten cybercriminal code to work exclusively in the shadows.