Ransomware ‘Name and Shame’ Explainer for FB-ISAO

FB-ISAO exists to share information and provide a platform for collaboration to enhance the security, preparedness, and resilience of the community of faith from threats across all-hazards, including cyber threats. Recognizing that physical threats are understandably the utmost concern to FBO’s, we diligently produce and provide information, reporting, and guidance on physical security incidents and concerns. However, as many FBO’s use a network of computing devices to run their business operations, including member/congregation relationships, financial management, websites, social media, etc., cyber threats also pose a very real concern for the community of faith. As such, FB-ISAO endeavors to keep members aware of cyber threats that have (or could have) direct or indirect impact to FBOs.

Each day, our team reviews suspected ransomware incidents for victims from our community or third or fourth parties that may impact our members. Additionally, we strive to notify members and non-members of suspected activity that could be indicative of an imminent ransomware attack.

One of these reports is titled, “Daily ransomware ‘name and shame’ / data leak sites report.” This report is named in light of the threat actors that attempt to “name and shame” their victims into paying the ransom to not have their stolen data leaked to the public. For FBO’s, this data could include congregants’ personal and financial data – information that every FBO wants to keep from falling into the wrong hands.

Realizing that many FBOs do not manage their own information technology, or even cybersecurity, we suggest that members share this information with their technology services provider (or “computer person”) for awareness to make sure you or those you partner with are not impacted.

Ransomware “name and shame” report

What is this?  This is a daily report regarding new ransomware victims listed on ransomware groups data leak sites. Ransomware groups are stealing data from MULTIPLE organizations per DAY and when ransom “negotiations” fail, many groups try to coerce victims into paying by listing the victim organization name and sometimes a “sample” of the data on a leak site.

Why is this important? Ransomware is an insidious cyber threat and reports like this may be the only indication that a compromise has occurred or a ransomware attack is forthcoming within your organization before it’s too late – especially for less resourced FBO’s that do not place a priority on cybersecurity.

As always, if you have ANY questions about this report or what to do with it, please reach out to us!