Ransomware attacks have become so lucrative that many cybercriminals are changing their old ways in favour of this extortion-based cyberthreat. Ransomware gangs are not necessarily discerning when selecting their targets, and companies of all sizes and based in a wide range of sectors have become victims of attacks. This type of attack is typically successful when it can cause disruption to services and key process within a business; however, the latest double-extortion tactics have become the new normal and involve data theft.

When infiltrating a system, operators identify valuable information and, before encrypting files and operating systems with ransomware, they exfiltrate with stolen data. This information may be used by the gang behind the attack as leverage to force a payment but may also be sold on to other threat actors for use in malicious activities. Read on to find out the data types that are most sought-after by today’s ransomware groups.

Financial data

Account numbers and payment card details are desirable to ransomware gangs looking to sell stolen data. However, sensitive accounting information on companies and their clients can be exceptionally useful for operators looking to press their advantage and get a victim to pay. As a result, firms operating in the financial services are often targeted.

Personally identifiable information

Schools, service providers, local governments and enterprises of all shapes and sizes hold vast databases packed with personally identifiable information (PII) on students, staff, citizens and employees. In the wrong hands, this data can be used for a wide variety of schemes and scams like social engineering, email spoofing, credit fraud and even identity theft. Ransomware operators steal PII to sell to the highest bidder on dark web forum auctions but can also use it for deeper penetration of a victim in large-scale campaigns.

Health records

During the recent pandemic, hospitals, clinics and other healthcare facilities were singled out as victims by ransomware attacks. While such operations offer essential services that can be disrupted by an attack, the health records held on patients are among the most sensitive types of data retained and handled around the world. Unless files, servers and systems have been adequately encrypted, a ransomware attack is considered a data breach. Gangs use the threat of exposing sensitive patient data and the potential of hefty fines from regulators to coerce a ransom payment.

Secure your data with world-class encryption

Approved by Britain’s National Cyber Security Centre (NCSC) and using a model recommended by the US Government, our encryption solution offers powerful protection. Extremely user-friendly, our system has been designed to make deploying encryption simple so that it can become second nature to your staff and help you shield your data from cybercriminals.

If you would like to add next-generation protection to your data files, emails and attachments and safeguard them from ransomware operatives, here at Galaxkey, we can help. Get in touch with our technical team today and choose between an online demonstration and a free, two-week trial.