Warn and Publish

The Sodinokibi ransomware group is now threatening to publish data stolen from an automotive firm, GEDIA Automotive Group, because the company has failed to get in touch and pay the ransom. GEDIA is a German automotive firm that supplies auto parts to other makers. With more than 4,000 employees, it has production houses in many nations. The ransomware group has published an Excel spreadsheet containing information and an AdRecon report from an Active Directory environment. This is similar to their previous operations, as in the Archtech case. The stolen data is said to total 50GB, including drawings and data on employees and customers, and will be published on a data stock exchange soon.

The New Game

Ransomware groups have recently been changing their plans to a much more effective approach. They are not just encrypting systems, but also stealing the data before doing so. This lets them pressure the victim into paying the ransom. If the victim does not comply, the attacker leaks the stolen sensitive data in parts until the ransom is paid. While publishing the data is one way of exploiting victims, selling it to other malware groups for future targeted attacks could be highly effective. This data may be useful for sending phishing emails with spam links to infect users with malware and steal further data.

Source – BleepingComputer
