To Ransom or Blackmail... why not both?


Ransomware typically holds your data within your computer(s), right where it was, just locked up inside some encryption. Now the criminals are getting wise to the fact that fewer and fewer companies are paying the ransom. So Plan B is: pay me (the bad guy) something to keep this same data out of the public eye, and away from usurpers or competition. The bad guys have the decryption key (typically), so this just makes sense: if the victim was unable to stop the initial attack that led to the data being encrypted, maybe they won’t detect the exfiltration of it either.
There are also groups breaking into companies and then selling that access to ransomers. That means the ransomers are out a little at first, but might have more access or more computers within the companies to hold for ransom and/or blackmail.
None of these are new ideas; in fact, it’s a testament to the human predilection for doing good that none of this happened sooner. Doomsday or worst-case scenarios are super easy to come up with, and any virus that spread well in the past could have done any of these same things that are just now being done.
What’s next, you ask? Something similar to what’s going on with phone apps that spy on you or steal your data: software that does the same. The software will seem legit, and even have support and help available. Secretly, it will steal your data, or store it in the cloud, and the company will then sell the backup data to your competitors, or that company will all of a sudden start holding your computers/data hostage. Trojans are one thing; this will be on another level. Software that passively monitors your computer for details: who you correspond with in email, keywords you type in those emails, IMs or Slack postings. Real-life bad guys will get alerts on these keywords, and they will have access to your computer. They will find you bad-mouthing your CEO, or cheating on your spouse. Maybe they find you colluding with the competition, or someone signing off on risky behavior that, if made public, could affect stock prices… HR systems will be a great target for this type of blackmail, and could certainly be rife with data that a blackmailer would use. #ToldYaSo #TruDat