News &

Bots Make All Employers, Even Small Employers, Vulnerable To Cyber Attacks

A new global study of internet websites reveals an increasing amount of bot traffic, much of which is malicious. We examine why that creates a risk for all employers.

War In Ukraine And The Rise Of Destructive Malware

Organizations must implement best practices to protect their network from malicious code designed to destroy data. We look at prevention strategy sources.

White Hat Hacker And Other Security Tips To Protect Your And Your Employees' Data

Although no system is impenetrable, you can mitigate your losses with help from a former cybercriminal. Learn why.

Risk Assessments Necessary To Address Cyber Vulnerabilities

IT security experts discuss motivations and methods behind cybercrime. Understanding the risk specific to your organization is an important element in building your defenses.

The Double-Whammy Threat Of Ransomware: Not Always About The Money

Accenture recently filed documents showing that a ransomware attack it suffered months ago led to a data breach. The organization had initially claimed that the ransomware attack had "no impact" on its business.

Accenture stated in its fourth quarter and full fiscal year financial report that the ransomware group responsible for the attack stole company data. The organization experienced "data security incidents resulting from unauthorized access to our and our service providers' systems and unauthorized acquisition of our data and our clients' data including: inadvertent disclosure, misconfiguration of systems, phishing ransomware or malware attacks."

According to the report, Accenture first detected "irregular activity," including "extraction of proprietary information by a third party," in its systems during the fourth quarter of FY 2021. The third party allegedly made some of the data it stole available to the public.

Accenture admitted that some of its customers' sensitive information was compromised. The report stated that clients had experienced "breaches of systems and cloud-based services enabled by or provided by us."

It is believed that the LockBit group carried out the ransomware attack. In August 2021, the ransomware group threatened on its website to leak data stolen from Accenture. LockBit demanded a $50 million ransom in exchange for six terabytes of stolen data.

When it first shared news of the ransomware attack, Accenture maintained that LockBit's claims were false. According to BleepingComputer, Accenture has not yet publicly acknowledged the data breach outside of SEC filings and data breach notification letters filed with the authorities. Lyle Adriano "Accenture confirms ransomware incident also involved data breach" (Oct. 19, 2021).


There is no guarantee that cybercriminals will unlock your organization’s system and remove all malware if a ransom is paid. Some argue paying ransoms only encourages cybercriminals to attack the organization again.

But, beyond that, ransomware attacks now often involve a data breach in which cybercriminals steal valuable sensitive data. In the past, ransomware victims could at least feel like their data was safe from being leaked, but that is no longer the case.

According to The Coveware Quarterly Ransomware Report, in the third quarter of 2020, nearly half of ransomware attacks included “the threat to release exfiltrated data along with encrypted data.” The report states that cybercriminals use the threat of releasing stolen data “as a monetization conversion kicker.”

In this way, threat actors can force organizations that back up their data—organizations that in the past would have restored their backups and ignored ransom demands—to engage with them to determine what data was stolen.

Coveware notes that several organizations have paid ransoms to keep stolen data from being shared, only to have their data leaked anyway. For example, the ransomware group Sodinokibi re-extorted victims that paid a ransom weeks later over the same data set, and the threat actors Netwalker and Mespinoza each posted data stolen from companies that paid for it to be kept private.

According to Coveware, victims of data exfiltration extortion that do pay cannot be sure that the data will be credibly deleted. They should expect that the data is held by multiple parties without being secured and could be posted by mistake or on purpose after paying a ransom. Plus, unlike negotiating for a decryption key, negotiations to keep data secure could continue indefinitely. “Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues” (Nov. 04, 2020).

The best protections against both traditional ransomware attacks and those that include data exfiltration extortion are frequent employee training that includes the importance of not clicking on unknown links and attachments and strong cybersecurity practices such as keeping all software updated and employing anti-virus software.

Finally, your opinion is important to us. Please complete the opinion survey: