Commentary – Ransomware operators might be dropping file encryption in favor of corrupting files
Change is an inevitable and powerful force that everyone should plan for, and the expectation that nothing will change can be dangerous. The world of ransomware blackmail is becoming more… destructive. Threat actors are starting to move away from encrypting data and toward outright deleting or corrupting it. They hope this will get the ransom paid more quickly by creating a more immediate call to action: the victim never even gets a chance to decrypt the data. It also removes any possible hope of finding a decryption tool to save the information, as there will be nothing to save.
This again comes back to the importance of an offline storage backup, ideally one on site and one off site. Schedule plans to make sure your company’s backup remediation works properly, and audit it from time to time to improve its effectiveness. The threat actors do not care about your data and are trying to get as much money as they can from as many infected systems as possible. It makes sense that they are using easier and cheaper programs that just delete data instead of encrypting it. Their motives come down to efficiency and money: they want to twist your arm harder for that ransom and have turned to data destruction as a primary force. Change can work both ways, though. We can also evolve to overcome the increasing threats in our digital landscape, with awareness and planning to expect the unexpected. That planning starts with effective backups and rolls into active security hardening for effective evasiveness.
Commentary by Marcus Meng
Based on an article from scoonline.com