Few incidents highlight the need for robust database security more than the news that even one of the world’s largest cyber insurance companies isn’t immune to being targeted by cyberattacks. In May, AXA’s Asia Assistance division was hit with a damaging ransomware attack, courtesy of the notorious ransomware group known as Avaddon.
The attack came days after the French multinational insurer AXA said that it would stop reimbursing customers for payments they had made to ransomware attackers.
This move was hailed as a positive by cybersecurity researchers, who feared that reimbursing ransom payments helps ramp up the number of cyberattacks worldwide by encouraging victims to pay money to those extorting them. But ransomware attacks continue, as AXA was about to find out.
No ordinary ransomware attack
The May AXA ransomware attack was no ordinary ransomware attack, however. In a classical ransomware attack, of the sort that has been going on for several decades, malware is used to encrypt computer files and systems. The only way that users can get their files back in this attack is to pay a ransom, usually in cryptocurrency such as bitcoin, in exchange for a decryption key. If they do not do so, their files remain encrypted and, therefore, useless. Depending on the files, this could range from an annoying waste of time for users to, in the case of crucial data such as ongoing research or medical records, downright disastrous.
But these ransomware attacks look downright innocent compared to the newer breed that has emerged in recent years. As malicious as classical ransomware attacks are, they work by rendering data unintelligible to everyone. While the ransomware attackers hold the encryption key, it only has value to the user whose files have been encrypted. Picture it a bit like a criminal carjacking a vehicle, then pulling the keys out of the ignition and tossing them away. The driver can no longer drive the vehicle, but nor can anyone else.
Double extortion attacks
However, in the newer breed of ransomware attack, called “double extortion” attacks, there is also a data breach involved. In these attacks, attackers exfiltrate data which they then threaten to publish or otherwise share if their ransom demands are not met. It’s an extremely nasty variation on a ransomware attack because, suddenly, the risk isn’t simply of losing the data, it’s also about someone else getting hold of it.
This is the type of ransomware attack that recently hit AXA. As part of the attack, the hacker group claimed it stole a massive three terabytes (3TB) of sensitive data, including doctor ID information, bank account details, customer information, and even highly personal medical data relating to HIV and sexually transmitted diseases. To make clear that this information would be shared, the Avaddon cyber attackers leaked some passport details they had supposedly obtained in the breach. They then threatened to launch a Distributed Denial of Service (DDoS) attack, which is designed to crash online services, websites and more by overwhelming them with fake traffic, if their demands weren’t met. AXA did not reveal whether it planned to pay the ransom or confirm how much was demanded from it.
Such attacks are, unfortunately, becoming more common. Exfiltrating data gives attackers an extra way to twist the proverbial knife to get victims to pay to end an attack. While the extortion terms promise not to publish data (and possibly even to delete it) once the sum has been paid, there’s nothing to stop the attacker holding onto it and trying to squeeze more cash out of targets at a later date.
In some cases, there are even triple extortion attacks in which the attackers try to extort money from any third parties named in the stolen data — such as customers whose medical records have been obtained as part of a breach.
Preventing these attacks
Preventing such attacks should be a top priority for companies. To do so, consider using database security measures such as advanced analytics that can monitor and manage an organization’s valuable or sensitive data. Ideally, select systems that offer a single-pane-of-glass approach to managing all of your on-premises and cloud-based data, with the necessary security features baked in to crack down on harmful ransomware attacks.
Unfortunately, ransomware isn’t going away. Attacks have ramped up greatly in recent years — especially during the pandemic as more people than ever have been reliant on computing infrastructure to live and work. However, just because ransomware is becoming more commonplace doesn’t mean you have to be the victim of it. Select the right tools to protect yourself and you won’t have to worry about it — or any of the secondary impacts, from reputational damage to potential fines.
Investing proactively in the right solutions for the job is one of the smartest investments you can possibly make in 2021. And, most likely, for many years to come.