By now, most people are familiar with ransomware, in which cybercriminals encrypt your data and demand payment for its release. Leakware, or extortion ware, is a similar threat but with an added risk: attackers threaten to release confidential information online if their demands aren’t met.
Consider the sensitive information your business wouldn’t want made public—your intellectual property, trade secrets, customer databases, or financial data. Leakware targets these assets and can damage your business and the individuals whose information may be exposed. This puts your customers or citizens at increased risk for fraud or identity theft.
Specific sectors are especially vulnerable to leakware attacks. For example, the public sector faces threats to disclose confidential citizen data, and healthcare organizations are prime targets due to the sensitive nature of patient information.
Like ransomware, leakware is costly, with expenses extending beyond the ransom itself.
Associated costs may include:
Downtime and lost revenue
Damage to brand reputation
Recovery and mitigation expenses
Non-compliance fines and penalties
Fraud protection services for affected individuals
Loss of customer trust and potential sales
According to Acronis, "Nearly 3 out of 4 companies infected with ransomware suffer two days or more without file access," underscoring the far-reaching impact of these attacks.
Leakware Prevention and Planning
Preventing leakware requires a similar approach to ransomware defense. For instance, hackers recently accessed sensitive data in Johannesburg and demanded four bitcoins to avoid releasing it. The city refused to pay, though it remains unclear if the data was ultimately exposed.
To defend against leakware:
Use Robust Security Software: Ensure antivirus and firewall software is installed and up to date. Security patches often include fixes for new vulnerabilities, so don’t skip those updates.
Adopt the Principle of Least Privilege: Limit access to data based on roles, granting users only the permissions they need. Adjust access if roles change, reducing the risk of data exposure if an account is compromised.
Implement Content Scanning and Email Filters: Set up filters to detect and block malicious content before it reaches your employees.
Prioritize Employee Awareness: Educate staff on social engineering threats and safe internet use, especially when working remotely. Encourage the use of a secure VPN when connecting from public networks.
Maintain Regular Backups: Follow the 3-2-1 backup strategy—keep three copies of your data, one copy in the cloud, and two copies on separate devices, like a local computer and a backup drive.
By taking these proactive steps, you can significantly reduce the risks of leakware and ensure your business and customers remain protected.
Leakware and ransomware are on the rise. No business or industry is immune. Protect your data. If you need help with your prevention efforts, call (786) 233-2002.
Comments