We have all seen the carefully prepared statement. A cyber incident has occurred, we are investigating but please do not worry since no data has left our network. Perhaps we will also see the obligatory inclusion of a ‘sophisticated’ threat actor by way of explanation as to how the company protecting our data was able to be compromised.
This assertion is necessary since it can be critical in the light of regulatory fines, and for some time was a claim that was often used in public admittance of ransomware incidents.
Not any more.
Since late 2019, an evolving tactic to publicly demonstrate that not only were criminals inside a company’s network, but their unfettered access allowed them the opportunity to leave with data (which is regulated) began to emerge: the threat to leak sensitive content if ransom wasn’t paid. Indeed, such was ..
Support the originator by clicking the read the rest link below.
