Do you ever think about how ransomware is no longer just locking your files, it is also stealing your data? Some time ago attackers got smarter and started abusing exposed APIs as a data exfiltration channel, quietly pulling sensitive information out before anyone has a clue; to be totally honest, that is pretty clever, and scary.
I saw this for the first time while checking out a friend's small business network. Files were going missing, but there were none of the typical warning signs of ransomware. No big deal, except that hackers were surreptitiously exfiltrating the data through APIs that were unprotected. Crazy, right?
What Are Data Exfiltration APIs?
Simply put, APIs (Application Programming Interfaces) are the doors that let applications talk to each other: they take requests and return responses. For the cloud-storage, database and internal-tool APIs a business runs, those responses are often the data itself. If a door is not locked, meaning the API accepts requests with no credential, a weak one, or a stolen one, ransomware can use it to pull out your files, passwords and other sensitive information while looking like just another client.
And this is dangerous because:
• It runs automatically: once the malware has found a reachable API and a credential that works, exfiltration is just a loop of ordinary requests; no extra tool has to be dropped on the host and nothing else has to be executed.
• It is very quiet: old-school ransomware loudly announced its presence by taking files hostage; this runs in the background as traffic that looks like normal application use.
• It can reach almost anything: APIs front cloud storage, databases and internal tools, which is where most of your sensitive information lives.
How Ransomware Uses APIs
Step by step, it looks like this:
1. Search: the malware looks for APIs that are exposed with weak authentication or none at all.
2. Enter: where a credential is required, it uses stolen passwords or API tokens, or an exploit against the API itself.
3. Steal: it silently sends your files to a server the attacker controls.
4. Encrypt later: only then does it encrypt your files, to cause fear and to extort a ransom; by that point the data is already gone.
Pretty sneaky, right?
Why You Should Care
Even if the files are never locked, the stolen data alone is a serious threat. Imagine customer records, payment details or confidential business information in the wrong hands. It is like someone breaking into your home, photographing everything, and leaving without you noticing.
How to Protect Yourself
Here are a few ways to protect yourself:
- Check your APIs regularly for unusual activity: unauthenticated requests that succeed, one client pulling far more data than normal, or a token used from an address it has never used before.
- Require two-factor authentication, so a stolen password on its own is not enough to get in.
- Monitor your network for suspicious upload activity, such as large or sustained transfers to hosts you do not recognise.
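What "checking your APIs for unusual activity" can look like in practice, as an added example that is not code from the original post: a small detector that runs over constructed API access-log lines and flags the three signals the step-by-step section and the list above point at, namely a data endpoint answering successfully to a request that carried no credential (an unprotected API), one API token used from more than one client address (a stolen credential, which is what two-factor authentication is meant to blunt), and one client pulling an unusually large volume in a short window (the bulk download that precedes encryption). The log layout, the endpoint names, the sample lines and the thresholds are all assumptions made for illustration.

```python
"""Added example (not from the original post): flag three exfiltration signals
in constructed API access-log lines. Layout, endpoints, sample data and
thresholds are assumptions for illustration."""
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timezone

Event = namedtuple("Event", "ts client method path status nbytes auth")

# Assumed layout: "<ISO-8601 ts> <client ip> <method> <path> <status> <bytes> <auth>"
# where <auth> is the token the request carried, or "-" if it carried none.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) (?P<nbytes>\d+) (?P<auth>\S+)$"
)
# Assumed: endpoints that return customer or file data (health checks are not data).
DATA_PATH_PREFIXES = ("/api/v1/files", "/api/v1/customers")

# Constructed sample log: a normal user (10.0.0.12), an attacker reading the API
# with no credential (203.0.113.7), and the user's token reused from an outside
# address (198.51.100.5) after one rejected unauthenticated probe.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.12 GET /api/v1/files/101 200 4096 token=u1
2024-05-01T09:00:05Z 10.0.0.12 GET /api/v1/files/102 200 5120 token=u1
2024-05-01T09:00:09Z 198.51.100.5 GET /api/v1/files 401 0 -
2024-05-01T09:00:10Z 203.0.113.7 GET /api/v1/customers 200 8192 -
2024-05-01T09:00:12Z 203.0.113.7 GET /api/v1/files/201 200 10485760 -
2024-05-01T09:00:15Z 203.0.113.7 GET /api/v1/files/202 200 10485760 -
2024-05-01T09:00:18Z 203.0.113.7 GET /api/v1/files/203 200 10485760 -
2024-05-01T09:00:21Z 203.0.113.7 GET /api/v1/files/204 200 10485760 -
2024-05-01T09:00:24Z 203.0.113.7 GET /api/v1/files/205 200 10485760 -
2024-05-01T09:00:27Z 203.0.113.7 GET /api/v1/files/206 200 10485760 -
2024-05-01T09:00:40Z 198.51.100.5 GET /api/v1/files/104 200 4096 token=u1
2024-05-01T09:01:00Z 10.0.0.12 GET /healthz 200 16 -
"""


def parse_line(line):
    """Parse one access-log line into an Event; None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(ts, m["client"], m["method"], m["path"],
                 int(m["status"]), int(m["nbytes"]), m["auth"])


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def is_data_read(e):
    """A successful read of an endpoint that returns data: the requests worth watching."""
    return (e.method == "GET" and 200 <= e.status < 300
            and any(e.path.startswith(p) for p in DATA_PATH_PREFIXES))


def unauthenticated_data_reads(events):
    """Signal 1: data endpoints answering successfully with no credential at all.
    A 401 to an unauthenticated request is the API doing its job and is not flagged."""
    return [e for e in events if is_data_read(e) and e.auth == "-"]


def tokens_used_from_multiple_clients(events):
    """Signal 2: the same token accepted from more than one client address."""
    seen = defaultdict(set)
    for e in events:
        if e.auth != "-" and 200 <= e.status < 300:
            seen[e.auth].add(e.client)
    return {tok: clients for tok, clients in seen.items() if len(clients) > 1}


def bulk_downloads(events, window_seconds=60, byte_threshold=50 * 1024 * 1024,
                   request_threshold=100):
    """Signal 3: per client, a sliding window over successful data reads; one alert
    per client as soon as bytes or request count inside the window crosses a threshold."""
    by_client = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if is_data_read(e):
            by_client[e.client].append(e)
    alerts = []
    for client, evs in by_client.items():
        start, total = 0, 0
        for end, e in enumerate(evs):
            total += e.nbytes
            while (e.ts - evs[start].ts).total_seconds() > window_seconds:
                total -= evs[start].nbytes   # slide the window forward
                start += 1
            count = end - start + 1
            if total >= byte_threshold or count >= request_threshold:
                alerts.append({"client": client, "window_start": evs[start].ts,
                               "requests": count, "bytes": total})
                break
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for e in unauthenticated_data_reads(evs):
        print("unauthenticated read:", e.client, e.path, e.nbytes)
    for tok, clients in tokens_used_from_multiple_clients(evs).items():
        print("token used from several clients:", tok, sorted(clients))
    for a in bulk_downloads(evs):
        print("bulk download:", a)
```

On the sample data this reports seven unauthenticated reads from 203.0.113.7, the token u1 seen from both 10.0.0.12 and 198.51.100.5, and one bulk-download alert for 203.0.113.7 once its window passes 50 MiB. The thresholds are placeholders; in a real deployment you would baseline volume per user and per token rather than pick one global number, and the same sliding-window logic works on outbound network flows, which is the "suspicious upload activity" the last point above refers to.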