More than 1,000 companies worldwide fell victim to an emerging type of ransomware attack during the first 10 months of 2020, in which hackers not only lock users out of their computers but also threaten to leak files unless a ransom is paid.
Nikkei, in cooperation with cybersecurity company Trend Micro, tallied the number of businesses that had information leaked on the dark web.
Traditional ransomware simply encrypts data in the target’s computers, to be unencrypted in exchange for a ransom. But the new type of attack, in which criminals first steal the data that they then threaten to leak, has increased rapidly since 2019. These types of attacks can be particularly damaging to a company, since information leaks could tarnish their reputation.
One recent victim was Osaka-based game developer Capcom. A ransomware group called Ragnar Locker, which appears to be a Russian organization, leaked sensitive files such as passport copies and game release schedules stolen from Capcom after the developer apparently refused to pay JPY 1.1 billion (USD 10.6 million) in ransom.
Troves of data from South Korea’s LG Electronics were leaked online in July, including information on product development that involved business partners. Sensitive data tied to automobile designs from a Toyota Motor partner was also disclosed in a similar attack.
Most businesses report such incidents to authorities instead of paying the ransom. But 32% of respondents said they paid attackers an average of USD 1.17 million, in a survey of Japanese companies and government offices conducted by CrowdStrike in August and September.
Most companies victimized by these ransomware attacks had antivirus software on their computers.
Businesses “need to prevent malicious use of data even if they are subject to a ransomware attack by encrypting confidential information and setting passwords,” said Takeshi Doi, who heads a cyber risk unit at MS&AD InterRisk Research and Consulting.