The hack at science financier NWO does not stand alone. Leaking documents to pressure hacked companies has now become a proven practice of ransomware groups.
Initially, the attackers only lock the files of an organization. If an organization still refuses to pay, documents will be leaked.
Ransomware attackers have been targeting companies for a long time, because there is a lot of money to be made there. But until a year and a half ago, they mainly focused on making a company’s files inaccessible.
They do this purely to force companies to pay
They think that by now also leaking data, it is better for companies to be forced to pay. “They do that purely to put pressure on companies to pay,” says security researcher Rickey Gevers.
If a company can do without the inaccessible files, for example because good backups have been made, there is still a reason to pay. “This method is now commonplace”, says John Fokker of security company McAfee.
At the NWO, this means that a number of documents from employees have been stolen: information about salary increases, agreements and an internal newsletter, but also a non-covid statement from probably an employee. As far as is known, documents about scientific research have not been stolen.
There is a good chance that more information will follow: at first the criminals put a little bit of information online, but later a much larger amount of documents will follow.
“They first show that it is serious by leaking a little, and if there is still no payment, they throw everything online,” says Fokker.
There are several sites publishing the documents that the attackers stole. That happens very regularly now. “And the companies that do pay immediately don’t even end up on that,” says security researcher Gevers.
In his estimation, these types of criminal groups are now striking on a daily basis. The victims are large organizations: companies, but also governments. The amounts they ask are often high: the organization that cracked the NWO often asks more than a million euros. “In the past, a ton was a lot, but now several millions are normal,” says Gevers.
Publishing the files is no reason for NWO to pay. The organization says it ‘deeply’ regrets that information about employees has been published, but does not think that is a reason to pay anyway. The organization takes into account that more information will be published.