Dissent Doe  4d ago

Note to ALL:

I am starting to use another hashtag called #HackAndLeak that I hope others will also use to describe incidents where there has been no indication that any #ransomware or #malware was deployed.

It's time we stopped calling most attacks "ransomware" when they are really hack and leak incidents.

If you agree, how about sharing/boosting this idea and hashtag shift?

If you don't agree, tell me why so I can argue with you. :))

Show threadOliver D. Reithmaier4d ago
@PogoWasRight are you referring to incidents where someone gets access and wants money, threatening to leak the data?
Show threadDissent Doe  4d ago
@odr_k4tana Where they have exfiltrated data and demand money to delete it/not leak it.
Show threadOliver D. Reithmaier4d ago
@PogoWasRight that's a ransom.
Show threadDissent Doe  4d ago

@odr_k4tana OK, but "ransom" is not what I am trying to avoid. What I'm trying to replace is the overuse of the word "ransomware" to describe attacks in which no encryption was involved or malware deployed. I think "HackAndLeak" is more accurate than "ransomware attack."

If you want to use "HackAndRansom" or "HackAndExtort," I can see justification for those, too, but I think HackAndLeak works. :)

Show threadOliver D. Reithmaier
@PogoWasRight I think ransomware is still appropriate: the name does not imply encryption, that's just a historic artifact; also, the ware character fits the enterprise-style of the attackers. Most use phishing kits and standardized tools to gain initial access. It's not like these people target anyone specifically for the most part. They literally go phishing and see what sticks.
Apr 11 at 12:35amWeb