Stealing information
Information theft falls into two categories. The first is regulated information such as Protected Health Information (PHI) and Personally Identifiable Information (PII), while financial information such as credit card numbers is often targeted by criminals to make a profit. The second is intellectual property, which is often targeted by more sophisticated actors. While some elements of the attack are the same between malicious software attacks and information theft attacks, elements are necessarily different.
When performing an extortion attack, the target is indiscriminate. It doesn't matter what the information is if it is important to the victim. When stealing information, the information must be targeted, either as information that is valuable in a dark web marketplace, or information that is valuable to the attacker. As a result, the first step is for the attacker to identify what information they may want to target and who has the information they...
