Embarrassware

There’s a new wrinkle on ransomware.

Smarter criminals are now exfiltrating files that they find which might be embarrassing to the organisation whose site they’ve hacked. Almost any organisation will have some dirty laundry it would rather not have publicised: demonstrations of incompetence, inappropriate emails, strategic directions, tactical decisions, ….

The criminals threaten to publish these documents within a short period of time as a way to increase the pressure to pay the ransom. Now even an organisation that has good backups may want to pay the ransom.

Actually finding content that the organisation might not want made public is a challenging natural language problem (although there is probably low-hanging fruit such as pornographic images). But, like the man (allegedly Arthur Conan Doyle) who sent a telegram to his friend saying “Fly, all is discovered” (The Strand, George Newnes, September 18, 1897, No. 831 – Vol. XXXII) and saw him leave town, it might not be necessary to specify which actual documents will be published.