What Kind of Data Does Ransomware Steal?

You know the term “ransomware.” It’s all over the news, and it’s because it’s a huge threat to all types of businesses, regardless of size or industry. If you want to protect your business’ future, you have to implement security measures that will allow you to not only address ransomware but prevent these attacks altogether. Depending on the type of data you store, you might find yourself more susceptible to ransomware attacks.

What is Ransomware?

Ransomware is an increasingly popular method of cyber extortion in which attackers steal data or encrypt files on a user’s PC in exchange for a ransom. More recent variants of ransomware have also threatened to leak data stolen online, further complicating the issue, as the ordinary method of responding to such an attack (restoring an offline backup) is no longer viable. These types of double-extortion attacks are viable because the types of sensitive data that tend to be stolen are often governed by compliance laws.

What the Numbers Say

A recent report examined the data stolen by ransomware gangs and discovered that certain types of data were more valuable (or at least more common) targets. Rapid7, a cybersecurity company, examined 161 ransomware attacks and found some commonalities amongst them. According to Rapid7’s analysis, the following types of data are most likely to be targeted by ransomware attacks, the bulk of which was comprised of two specific industries:

• Financial services
  • Customer data (82%)
  • Employee personally identifiable information (59%)
• Healthcare industries
  • Financial information (71%)
  • Customer and patient information (58%)

The common trend between both of these sectors is that the information stolen is incredibly valuable to hackers in that they can sell the information online, allowing others to impersonate or commit fraud using the personally identifiable information or financial credentials. While it’s true that these types of data were the most targeted, it should be mentioned that you should never let your guard down, even if you don’t collect data like this for your business. All data is valuable for hackers in some way, shape or form, and you should be doing what you can to protect it at all costs.

What Can You Do?

With so many threats out there, how is your business supposed to keep all of its sensitive data secure from cyberattacks? In addition to taking regular backups and maintaining them in secure off-site locations, we recommend that you take multiple approaches that all work toward the same goal: keeping attackers out of your network and monitoring your infrastructure to promptly address security discrepancies as they emerge. By taking this proactive approach, you will be more likely to halt data breaches before they can have a significant impact on your operations.

BNMC can help you implement the appropriate security measures to ensure this happens without a hitch. To learn more, contact us at (978) 482-2020.