Ransomware"is malware that encrypts all of the data on an infected system. The administrator is notified that if they don't pay a ransom by a certain date,the key to decrypt the data will be permanently deleted. In another scenario, data is stolen and then told it will be released unless a ransom is paid. This could include embarrassing internal emails and/or intellectual property. Ransom demands are often made where Bitcoin or other cryptocurrency is used so these threat actors can remain anonymous when making financial-based ransom demands.

(Note:this topic isconspicuously absent from the books discussion on malware but is a MAJOR issue right now and has been for several years. I dare say that protecting against ransomware is one of the top concerns of any IT or Cyber security organization today. You must know how to protect against and deal with this issue!)

While there are ways to mitigate the effects of such attacks, a couple ways to address any attack on availability is through redundancy- i.e., alternate paths, backup systems, data backups. In the case of data exfiltration, even redundancy is not enough, the data should also be encrypted and the keys protected so they attackers cannot steal and then decrypt this data. If companies fail to protect their data in such ways, there may be nothing a company can do. In fact, some companies have not beenable to determine for certain whether the information was actually exfiltrated.

See:https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html

Unfortunately, many organizations realize these things when it is too late. Also, ransomware threat actors and groups such as Conti use highly effective tactics(as the leaks of their data have revealed per some security analysts and researchers.) Such groups change tactics often, and are now using data theft for extortion purpose as a means to ransom information and get companies to pay demands.

What would go into your decision making process? For example, what if you don't have a backup plan, and had no choice other than lose all of your data?

Would you seek outside help from the FBI in such a case, if you were a business,for example? How would you think the FBI might be able to help?