RansomHouse is a new threat actor group believed to have come together in December of 2021. They have decided to use a new twist on the encrypted data ransom business model. Instead of stealing data and encrypting the source material, or just encrypting it, and then charging the owners a ransom to recover it, they simply notify the victim and require a “fee” to recover the data.
Typically, when a ransom is demanded, there are only two options: pay the ransom, or allow your compromised data to be sold or used against you. Because there is little or no guarantee that the data will be recovered and not further exposed when paying the ransom, most companies tend not to pay. Not paying the ransom is also what the FBI recommends in these situations.
If you are unsure what ransomware is, check out our post about it: Ransomware.
What Happened
Message traffic purportedly from RansomHouse group members claims that, since sometime before or around December of last year, at least four organizations worldwide have been breached and had data stolen but have refused to pay the ransom. RansomHouse has since posted that the data is for sale or has made it freely available online.
At this time, there are no indications that RansomHouse has attacked other organizations. That does not mean it has not; the group may still be in negotiations with those organizations or may have received payment.
It also appears that RansomHouse has some form of connection to the White Rabbit and Lapsus$ threat actor groups, with both promoting the new group on their own channels. The form of the connection, at this time, is not known, but there is evidence of communication and potential collaboration.
How will this Affect You?
No matter your business profile or organizational security measures, it is likely that you are under attack from cyber threats regularly. What your organization does, how big it is, and its security posture are each either an attraction to threats or a measure of security.
For instance, if your organization has valuable information, such as patents, financial reserves accessible from the Internet, or other usable and valuable information, you are more of a target than those whose data is less valuable.
The stronger your security, the harder it is to get into your networks and access data, and the less likely you are to be breached. This is because most threat actors are looking for “low-hanging fruit,” so to speak. When the time required to breach your systems is more than they are willing to invest, they move on. This doesn’t mean you aren’t a target for some; it just means that you are less of a target for most.
Any breach, no matter how small, is not what you want to happen. It can be financially expensive due to fines, legal expenses, working to better secure a network already breached, and the fact that your clients and business partners/associates will see the breach as a threat to their own organization. Rightly so.
A breach may, literally, cost you your business.
What Should You Do?
If you, as an individual or as an organization, maintain records of the data you use, then there is a threat. A proper risk assessment may rate the risk as “Low,” but there is still a risk.
Ensuring you know the risk, plan for and implement robust security, and maintain constant vigilance over the data and the implemented security is a great place to start.
- Begin with enumerating all types and forms of data your organization ingests and uses.
- What is the value of that data, and what laws and regulations must you obey to protect it?
- Where and how do you obtain it?
- Who uses it, and how?
- Where is it stored before, during, and after use?
- How is it transmitted from point to point, and what are those points? Is it only within your organization’s infrastructure, or does it also get stored or used outside (business associates)?
- What equipment do you use to store and access the data?
  - Servers
  - Internet providers
  - Network connections
  - Computing devices
  - “Hard” storage – such as x-ray films or paper copies
- Considering all of the above, what is the risk to the data?
- Do your business associates meet or exceed the security you have in place?
- Are your employees trained to protect the data they access?
- Are your hardware and software secure?
- Do you ensure that security measures are configured, used properly, and updated appropriately?
- Is someone checking to ensure that your security measures are the best possible and that they are maintained and updated?
- Do you constantly monitor for better ways to ingest, protect, use, store, and destroy the data in your organization?
Yes, there is a lot to be done to protect yourself, your clients, and your business from threats to your data, but it is well worth it. The effort helps alleviate concerns of those you obtain the data from and those that use it. It also will help if you are subject to a breach and come under the scrutiny of a regulatory agency, such as Health and Human Services. A breach against an organization with the best possible (reasonable) security against such a threat is less likely to incur a financial burden from such agencies, as they know that you have done the best you can.
Your clients will also be less likely to stop doing business with you because they realize that your efforts were for their protection.
Northstarr Recommendations
As an IT and Managed Service Provider, Northstarr is well-positioned to help you and your organization discover the best ways to secure and protect your data, manage your IT assets, and provide you and your clients with the peace of mind needed to continue to move forward. Our expert team can help you find and define the data, provide risk management, and secure your organization from data theft or inappropriate access.
If you have any questions, contact us at (888) 767-2210 or request that we contact you online. You can also request a free assessment.