You’ve heard about ransomware by now. Cybercriminals access and encrypt your data. You have to pay a “ransom” for the key to unlock it. Leakware is similar, but now the bad actors are threatening to post confidential information online if you don’t pay up.

When you think about it, there are probably many things your business wouldn’t want shared publicly. This could be your IP, your secret sauce recipe, your customer database with all the details, or financial data: the works.

The public sector is particularly at risk against leakware, also known as extortionware. Attackers threaten to publish confidential citizen data online. Healthcare organisations are also top targets, with the bad actors saying they will publish the stolen sensitive data online.

Leakware doesn’t just affect you and your business. It can hurt all the people whose data is leaked. That information makes citizens or customers more likely to be victims of fraud or identity theft.

As with ransomware, leakware is costly. Beyond the actual ransom paid, you could pay associated costs such as:

  • downtime
  • lost sales opportunities
  • angry customers
  • attack mitigation and recovery
  • damage to company brand reputation
  • penalties for unmet contractual obligations to customers
  • fines for non-compliance
  • fees for fraud protection offerings to affected individuals

“Nearly 3 out of 4 companies infected with ransomware suffer two days or more without file access.” — Acronis

Leakware – Planning and Prevention

Leakware is a more recent evolution of ransomware. In Johannesburg recently, hackers compromised passwords, and financial and personal population data. They demanded four bitcoins, or else they would reveal the stolen information and how they breached city systems.

The City of Johannesburg chose not to pay, and it’s unknown if the data was released or not.

Preventing a leakware attack requires the same precautions as ransomware. To start, use antivirus software and maintain a strong firewall. It’s important that you keep security software up to date.

Don’t ignore those notifications about system or software version upgrades! They can contain the patches you need to prevent vulnerabilities. Bad actors are always exploiting new methods of spreading malware. Security patching is the manufacturer’s effort to stay ahead of criminals.

It’s also a good idea to limit access based on the principle of least privilege. Authorise users for access only to data, software, or systems that they need based on their roles. When those responsibilities change, reconfigure the user’s access. This makes it more difficult for a bad actor to get all your data, because few people have that level of access.

Set up content scanning and mail server filters. At the same time, don’t rely on technology alone. Educate staff about the risk of social engineering and using public wireless internet. Make sure your people use a trustworthy Virtual Private Network (VPN) when off-site.

Keep good data backups, as well. We recommend the 3-2-1 approach. Keep three copies of your data. Backup one version to the cloud, and have the other two stored on different devices (e.g. on your local computer and on a backup drive).