Which stolen data are ransomware gangs most likely to disclose?

From helpnetsecurity.com

ransomware data disclosed

If your organization gets hit by a ransomware gang that has also managed to steal company data before hitting the “encrypt” button, which types of data are more likely to end up being disclosed as you debate internally on whether you should pay the ransomware gang off?

Rapid7 analysts analyzed 161 data disclosures performed by ransomware gangs using the double extortion approach between April 2020 and February 2022, and found that:

  • The most commonly leaked data is financial (63%), followed by customer/patient data (48%)
  • Files containing intellectual property (e.g., trade secrets, research data, etc.) are rarely disclosed (12%) by ransomware gangs, but if the organization is part of the pharmaceutical industry, the risk of IP data being disclosed is considerably higher (43%), “likely due to the high value placed on research and development within this industry.”

Read more…