What Data is Stolen During a Ransomware Attack?

Hackers steal data for a variety of reasons, each driven by different motivations and objectives. The most common objectives include financial gain, identity theft, corporate espionage, ransom and extortion, and political motivations. During a ransomware attack, cybercriminals can steal a wide variety of sensitive data, depending on what is accessible on the infected systems. In this blog post, we outline the types of data targeted and stolen in such attacks.
Types of Data Stolen
Personal Information: This includes names, addresses, social insurance numbers, dates of birth, and any other personally identifying information. Stealing this data can lead to identity theft and fraud.
Financial Information: Credit card numbers, bank account details, and financial records are highly sought after. This information can be used for direct financial theft or sold on the dark web.
Health Records: In attacks against healthcare providers, patient medical records are a prime target. These records contain sensitive health information that can be exploited for blackmail or sold for fraud.
Corporate Data: Intellectual property, proprietary business information, blueprints, strategies, and internal communications can be compromised. This type of data is valuable for competitors or could be held for ransom directly.
More than two-thirds of Canadian executives consider cybercrime their most significant threat. (Source: PwC, 2023 Canadian Cyber Threat Intelligence Annual Report)
Employee Information: Employee records include contact information, payroll details, employment history, and sometimes tax forms, which contain a wealth of personal and financial information.
Customer Data: Customer databases are targeted to steal contact information, purchasing history, payment details, and sometimes login credentials. This can be used to conduct further attacks or scams.
Cybercriminals may encrypt the data on the victim's systems during a ransomware attack, making it inaccessible to its owners. In some cases, they also exfiltrate the data to their own servers before or during the encryption process. This dual threat of encrypting the victim's data and threatening to release or sell the stolen data unless the ransom is paid is known as "double extortion."
Protecting against such attacks involves strong cybersecurity measures, regular data backups, employee training on phishing and other common attack vectors, and, where possible, the use of encryption and secure data storage solutions. Contact us to learn how we can better protect your business with our Managed Security Services.