Data exfiltration
Imagine that you are logging on to your computer or your management server only to find that your systems have been encrypted and there is a ransom note on the desktop stating that your data has been exfiltrated. Following this, you get notified that if you do not pay the ransom, all your data will be published online. This data might contain confidential information. In 2020, a Finnish private psychotherapy service provider named Vastaamo’s patient database was hacked and then leaked to the dark web. The information in the patient database which contained journals for 30,000 patients was then used to extort both the service provider and the patients directly.
In the last 2 years, we have seen that most ransomware attacks use this tactic. One of the latest attacks at the time of writing this book was against Cisco. The attackers claimed that they managed to steal 2.8 GB of data after an attack in June 2022.
In addition, companies such as Accenture were...
