Find Out How Cybercriminals Use Stolen Data for Ransomware Attacks

It is always important to understand exactly how hackers use stolen data, so that you are better prepared next time.

In this era of instant communication, data is the new oil. It’s an immensely valuable commodity, which is why malicious hackers are always on the prowl for it and CISOs are always on their toes to prevent any breach. Of course, no business likes being breached, but in the unlikely event of one, it is always important to understand exactly how the hackers will use the stolen data, for better preparation next time.

The most significant way in which hackers are exploiting stolen data nowadays is through ransomware. In May 2017, the widespread WannaCry ransomware attack had potentially devastating consequences.

Understanding ransomware

Ransomware is a form of malware that affects systems by encrypting files on an infected device. These files are then held hostage until users pay a ransom. This payment is usually demanded in bitcoins, a type of cryptocurrency which is impossible to trace. If the prescribed time to pay the ransom lapses, the threat is that the key to decrypt the files that have been held for ransom will be destroyed forever.

But let us get to the source: how do these hackers manage to access this data in the first place? Ransomware typically affects systems through vulnerabilities that are yet to be patched by system administrators. It can enter through:

  • Spam and social engineering – Users can be tricked into clicking on malicious links to compromised websites, which lead to the download of the ransomware
  • Malvertising – Fake or deliberately false advertising can lead users to click on links which will take them somewhere else
  • Malware installation tools and botnets – Tools that spread malware across the company’s local area network

Big data breaches

These kinds of malware can be used for big security breaches. In February 2016, hackers compromised Bangladesh Bank’s computer network and took advantage of their infiltration to attempt to steal $1 billion from the bank. The investigation found hackers’ “footprints” and malware, which suggested a system breach. The Bangladesh Bank also found that the malware installed had gathered information on the bank’s operational procedures.

There are other dangerous ways in which hackers can use stolen data to benefit themselves. In a similar vein to ransomware is cyber blackmail, where criminals steal potentially embarrassing information and then blackmail the owners of this information with threats to reveal it to the public if they are not paid a ransom.

How hackers use stolen data

This information is high-value and hackers can sell it on black markets or the deep web for huge sums of money. But it can get worse – hackers can coordinate large-scale (and potentially devastating) DDoS (Distributed Denial of Service) attacks while also impersonating users to launch phishing attacks to access even more data.

Financial fraud can also be committed if the hacker finds important information such as credit card details in the stolen data. They can be used to commit identity fraud, create counterfeit cards, transfer money and pay fraudulent bills. Hackers can use these to make bulk online purchases leading to a hefty bill for the customer.

Of course, there are ways to minimize this as well – it just needs both organizations and users to be more proactive about cybersecurity. For a start, password strength is exceptionally important. Organizations must make clear to their employees the importance of strong passwords, along with the best practice of using different passwords for different accounts. Personal information should be exposed as sparingly as possible on the Internet, with vigilance being employed for suspicious links and programs.

Network administrators can also employ robust solutions like Endpoint Security to provide endpoint and data security to organizations, with protection against viruses, malware, data loss, unauthorized data transfers and malicious websites, among other things. With features like Anti Ransomware, Data Loss Prevention and an Intrusion Prevention System, it provides an efficient, powerful, easy-to-use security solution to enterprises of all sizes. Last but not least, stay alert and stay cyber safe!

