A ransomware extortion is usually based around two separate threats. Firstly, they’ll ask for  payment to decrypt your data, so you and your company can get back to work. Secondly, they’ll ask you to pay them to delete the data they’ve stolen – instead of leaking your information onto the dark web.

The hackers will penetrate your network and then find and withdraw documents and sensitive information. They could be looking for the following.

• Human Resources files, containing data such as employee names, birth dates, social security numbers, and bank routing numbers.

• Finance/Accounts files, containing bank account information associated with customers, suppliers, or associates.

• Engineering and Patent files, containing corporate intellectual property (IP).

• Sensitive information specific to your business or industry – this might include medical records, software code, and legal information.

Having secured and copied targeted data, the hackers now encrypt it, cutting you off from your own  information. Tools vary – as commercially available “data at rest” encryption software has grown more powerful, it’s become a more popular “weapon” for cyber criminals, who previously relied mainly on military grade algorithms.

To create maximum inconvenience (and increase the likelihood the ransom will be paid), the hackers will encrypt as much data as possible, regardless of whether they can use it or not.

More info: Office 365 Migration Services