When it comes to cyber attacks, prevailing wisdom holds that the #1 threat CISOs need to be aware of is ransomware. That is still true, but the nature of ransomware has changed with a new generation of attacks, and it’s imperative for CISOs to understand this new threat.

The rise of encryption-less ransomware means that the traditional tools and tactics used to defend organizations are to a large extent no longer relevant. 

In an encryption-less ransomware attack, the attacker does not try to encrypt the data. Instead, they demand a ransom in exchange for not publishing the stolen information.

Double extortion is when the attacker both steals the files and encrypts the copies in the company’s file storage; the copies the attacker takes are not encrypted. Organizations can restore from a cloud backup to overcome the encryption element, but cannot do anything about the data that is now out there.

For example, if attackers steal a company’s sensitive data and threaten to release it on the dark web, then having a backup of that data is irrelevant. 

This encryption-less form of ransomware represents a shift from traditional attacks, where the primary threat was data encryption, to a scenario where sensitive information is exfiltrated and held for ransom. This shift necessitates a reevaluation of defense strategies to protect organizational data effectively.

We’ll help CISOs ensure: 

  1. They are prepared for these attacks
  2. They have this in their playbook, and will test it like they do for backup and restore solutions

First, let’s start with a deeper understanding of the problem:

The Problem

1. The Rise of Encryption-less Ransomware

The MOVEit Transfer software hack, disclosed by Progress in May 2023, rapidly became the most significant cybersecurity event of last year, marking a notable instance of encryption-less ransomware. Unlike traditional ransomware attacks that encrypt victims’ data to demand ransom, this incident involved the Clop ransomware and extortion gang stealing sensitive data from MOVEit Transfer servers. The attackers then threatened to publish the stolen data unless they received payment, using the threat of exposure as their primary weapon of extortion.

The numbers from this attack highlight the danger modern CISOs face:

Note that MOVEit issued a patch on May 31.

A similar incident happened to Deloitte. The global professional services firm experienced a significant cybersecurity incident that, unlike traditional ransomware attacks that encrypt data, involved unauthorized access to and theft of sensitive data from Deloitte’s email platform. The attackers then threatened to release the stolen data unless a ransom was paid, embodying the characteristics of an encryption-less ransomware attack.

This incident did not follow the more common ransomware model of encrypting victim data and demanding payment for decryption keys. Instead, it used the threat of public disclosure of sensitive information as leverage for extortion.

Recent years have seen a 40% increase in encryption-less attacks, highlighting a significant change in the tactics of cybercriminals. These attackers no longer rely solely on encryption to paralyze their victims but instead threaten to release sensitive data unless a ransom is paid. This form of attack not only puts the confidential information at risk but also exposes organizations to regulatory fines, reputational damage, and the potential loss of business.

CrowdStrike research shows that 75% of attacks were malware-free. There has also been a 76% spike in data theft victims named on the dark web.

These statistics show how urgent and prevalent this issue is. 

What’s more, encryption-less ransomware poses a multifaceted problem that extends beyond the immediate threat of data exposure. The psychological impact on organizations, knowing their sensitive data could be exposed at any moment, cannot be overstated. This form of cyber extortion creates a perpetual state of insecurity and fear, making it a potent weapon in the arsenal of cybercriminals.

The consequences of falling victim to encryption-less ransomware are severe:

Moreover, the rise of encryption-less ransomware represents a sophisticated evolution in cybercriminal strategies, exploiting the interconnected nature of modern business operations. Cybercriminals are increasingly aware that data is not just a digital asset but a cornerstone of trust, operational integrity, and competitive advantage. The threat of releasing stolen data into the public domain or selling it to the highest bidder on dark web marketplaces introduces a complex risk landscape that traditional cybersecurity measures are ill-equipped to address.

This era of encryption-less ransomware calls for a paradigm shift in how organizations approach cybersecurity. It underscores the inadequacy of relying solely on perimeter defenses or traditional data protection strategies, which may be effective against ransomware that encrypts data but are ineffective against threats that exfiltrate data.

2. Why Traditional Defenses Are No Longer Sufficient

The shift towards encryption-less ransomware has rendered traditional security measures, such as backups and endpoint detection and response (EDR) systems, less effective. These solutions are designed to counteract the effects of encryption, but they offer little protection against the theft and extortion of sensitive data. 

For example:

What Should The Solution Be?

To effectively counter the nuanced and evolving threat of encryption-less ransomware, organizations must adopt a cybersecurity attitude that is comprehensive yet flexible, capable of addressing the current threat landscape and adaptable to future threats. This should include the following capabilities:

What ITsMine Can Do For You

In response to this evolving threat, ITsMine has developed a comprehensive solution designed to empower CISOs and their teams to defend against encryption-less ransomware attacks. 

This ITsMine encryption-less protection solution gives CISOs: 

It achieves this by using:

ITsMine SoftwareMines™: immediately alerts when a data breach occurs, and provides full forensic information on the exfiltration event.

ITsMine Virtual Vault™ & File-GPS™: provides the ability to kill files even if the attacker holds them in an external isolated environment.

ITsMine’s Virtual Vaults in action

In summary, ITsMine offers a comprehensive data protection and response solution that includes:

A Call to Action for CISOs

As encryption-less ransomware becomes an increasingly common threat, CISOs must adapt their cybersecurity strategies to protect their organizations. This involves not only deploying the right technologies, such as ITsMine’s comprehensive solution, but also raising awareness about the changing nature of ransomware attacks. 

Specifically, it should now be clear that CISOs must ensure they are prepared for these encryption-less attacks, and that their playbook includes a robust response, including testing and simulations, much as is done for other common threats.

By understanding the nuances of encryption-less ransomware and implementing robust defense mechanisms, CISOs can safeguard their organizations against this evolving threat.

ITsMine offers a solution that empowers CISOs to be alerted, stay in control, and defend against these sophisticated attacks, ensuring that sensitive information remains secure.