GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

By Dr. Darren Williams

Ransomware attacks have reached a record high this year, with nearly 250 attacks recorded to date and months to go. As we’ve seen with major attacks like Kaseya and Colonial Pipeline, cybercriminals have continued to innovate, developing new tools and tactics to encrypt and exfiltrate data.


Where ransomware gangs previously relied solely on an attack’s disruption to daily business to pressure the victim into paying the ransom, today’s stakes are much higher: gangs now exfiltrate information and threaten to sell or publish it far and wide.

This leaves many organizations frustrated, damaged and ultimately devastated, as fully recovering from the loss of sensitive and confidential files detailing financial information, business IP, customer data and more can be a nearly impossible task.

The battle to secure data from highly sophisticated ransomware gangs like REvil and others continues to rage on, despite recent news that these groups have disbanded in response to pressure from law enforcement. In all likelihood, sophisticated adversaries like BlackMatter and others will resurface with a rebrand rather than disappear entirely. So, with adversaries unlikely to take their foot off the gas for too long, how can organizations keep pace and stay safe?

The short answer is they can’t, especially if they stick to the same security approach they’ve been using for years. The good news is that organizations are well aware of the issue at hand. In fact, recent research from Osterman Research found that almost half (47 percent) of respondents believe preventing data exfiltration is a high priority and is growing in importance. Whether an organization is small or large, the need to secure data is critical, as no organization is immune to the threat of data exfiltration. The issue, however, is responding to that awareness with action.


In response to the growing threat of ransomware attacks, organizations are piling on more and more “defense in depth” cybersecurity solutions that are costly and difficult to manage. In fact, Gartner forecasts that global spending on information security and risk management services will reach $150.4 billion this year. On average, 80 percent of organizations are using up to 10 separate cybersecurity solutions, primarily anti-virus and anti-spam on devices and on-premise backup tools.

But the bottom line is that more doesn’t always mean better. Organizations can invest in dozens of security tools, but if they don’t work, what’s the point? Despite organizations’ significant spending on cybersecurity over the past 12 months, almost half (41 percent) of organizations experienced an employee’s mistake resulting in data exfiltration and 33 percent experienced a credential theft resulting in data exfiltration. The takeaway from these findings is crystal clear: current security stacks are ineffective when it comes to preventing data loss.

Throwing money at the ransomware problem clearly isn’t working, as a majority of cybersecurity leaders still lack confidence in their cybersecurity solutions’ ability to prevent data exfiltration, and in their companies’ ability to stop insiders from exfiltrating data and to prevent ransomware. Today’s technology and security strategies are falling short of keeping a company’s most critical asset – data itself – safe.

And while many organizations may have deployed data loss prevention (DLP) tools to attempt to put a band-aid on this bullet hole, the unfortunate news is that over half (51 percent) report that DLP tools cannot prevent data exfiltration and 60 percent believe they are not easy to maintain.

The question remains: where do organizations go from here? We know they are seeking a solution, as a majority of organizations report they want to address data exfiltration threats within the next year. But with a plethora of cybersecurity solutions available – many of which are clearly ineffective – where do they start?

The answer is simple: focus on the data. Instead of throwing more tools at the problem, organizations should look to deploy the right tools to win the war against ransomware.

Nearly all (94 percent) organizations consider anti data exfiltration (ADX) a top priority and promising solution to target evolving threats. This emerging technology can stop unauthorized data removal, disable any attacks and stop data theft extortion before damage is done.

In the end, the issue is clear — our data is at risk. In order to secure this critical asset, the first step is understanding the growing threat of data exfiltration and ransomware and rethinking our approach to security. After all, the definition of insanity is doing the same thing over and over again and expecting different results, so it’s high time we do something different.

About the essayist: Darren Williams is a serial entrepreneur and founder of several tech startups, most recently BlackFog, which supplies behavioral analysis and anti data exfiltration (ADX) technology. He holds a Ph.D. and Bachelor of Science with Honors from the University of Melbourne.
