Ransomware stealing data before encrypting

ZDNET reported on a new strain of Zeppelin ransomware that steals an organization's data before encrypting it. Zeppelin joins Maze, REvil (Sodinokibi), Snatch, and the now-defunct Merry Christmas ransomware in doing so.

Ransomware used to come in two flavors:

  • Steal user data with the intention of collecting a ransom in exchange for not releasing the data publicly. A famous case of this type of ransomware is Sony Pictures.
  • Encrypt user data with the intention of collecting a ransom in exchange for restoring access to the data. Cities and hospitals have paid ransoms to get access to their data.

The second flavor of ransomware should be only an annoyance to organizations, as a proper backup system should be able to restore to a point in time prior to the ransomware infection.

This new Zeppelin strain combines the two and gives malicious attackers two potential paths to a ransom payment.

SecureCircle can ensure an organization's data will be safe from public disclosure. Since data is protected by default, the malicious attacker would only be able to steal protected files. Without authorization, the data is not accessible. The threat of publicly disclosing internal confidential data would be removed.

SecureCircle plus a proper backup mechanism would ensure ransomware is limited to only small operational disruptions.