How Criminals Are Weaponizing Leaked Ransomware Data

Accenture's Robert Boyce Advises Firms to Update Monitoring and Approval Processes
Robert Boyce, Global Cyber Response Lead, Accenture Security

Accenture's cyber threat intelligence team has analyzed the top 20 most active dedicated ransomware leak sites to learn how threat actors are posting sensitive corporate information and making the data easier to search and exploit. Robert Boyce, Accenture's Global Cyber Response Lead, explains how cybercriminals are weaponizing stolen ransomware data for follow-up attacks.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

Boyce says criminals are indexing the data, making it more searchable and "doing their own analytics on that data to be able to identify really interesting business processes and identities of people within organizations."

Details such as employee names and titles, preferred vendors, the timing of payments to vendors and images of invoices are helping threat actors execute highly sophisticated business email compromise attacks against these former ransomware victims, Boyce says.

Boyce recommends organizations review their processes and increase their diligence. "Maybe put a little bit more monitoring around those processes, and … think about how to introduce additional controls like double authentication or double approval for payments, just to really try and reduce that risk just a little bit more," he says.

In this video interview with Information Security Media Group, Boyce discusses:

  • How cybercriminals are using ransomware data for secondary attacks;
  • The gaps in cybersecurity processes that criminals are bypassing;
  • How organizations can prepare for new mandatory cyber incident reporting legislation.

Boyce provides hands-on consulting services to the Global 2000 in the areas of advanced security operations, crisis preparedness and response, and cyber defense and protection strategies. He helps clients evolve their cybersecurity programs by focusing on the threats that matter and driving secure digital transformation. He is also responsible for shaping market strategy, including offerings, innovation and investments.

About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.