I wonder if holding stolen digital data acquired by illegal means in cloud storage is akin to holding stolen real-world goods, like by a pawn shop or fence. Of course, the hackers may have sold the contents already making deleting it moot.
1. encrypting the data in place, and withholding the decryption key unless the ransom is paid
2. exfiltrating the data to some cloud storage provider, and threatening to publicly release the information if the ransom isn't paid.
The "copies of the stolen data" in question probably is referring to the latter. While it could also theoretically be encrypted as well, my guess is that they got lazy and didnt.
Interesting aspect for me is how's that data stored.
Cloud providers love to advertise that 'data is secured at rest and in transit'.
Also the same cloud providers provide key management for you.
Essentially situation is the same as is with the cryptocurrencies: 'not yours keys - not yours coins'.
Thus since cloud provider has both the keys and the data they easily can hand over that data to whoever court says so.
I'm very aware of the encryption options AWS and other clouds provide.
Yet I've never seen those options being used. Additionally one has to trust the implementation provided by the cloud. Surely people can encrypt on the source ( and some do) but that's rare as well.
People encrypt at rest because it is a specific requirement that the data is encrypted at rest. Maybe to meet regulatory requirements or orders from above. Regulators are not going to object to data being handed over on court orders.
If the regulator or the management requiring it are OK with the cloud provider doing it (and AWS and the like do their best to ensure that) then using their keys and key management is the easiest way to do it.
Apart from cloud backups, in most cases the data will be decrypted in their cloud anyway, so you have to trust them.
The Ai generated art piece used with the article is so dumb. The probability that the health firm's IT staff aren't a bunch of Windows-minded pointy clicky Windows guys is near zero.
11 comments
[ 2.7 ms ] story [ 39.4 ms ] threadWon't this be encrypted? What will they do with it?
The encryption key would be with the LockBit group anyway.
1. encrypting the data in place, and withholding the decryption key unless the ransom is paid
2. exfiltrating the data to some cloud storage provider, and threatening to publicly release the information if the ransom isn't paid.
The "copies of the stolen data" in question probably is referring to the latter. While it could also theoretically be encrypted as well, my guess is that they got lazy and didnt.
If the regulator or the management requiring it are OK with the cloud provider doing it (and AWS and the like do their best to ensure that) then using their keys and key management is the easiest way to do it.
Apart from cloud backups, in most cases the data will be decrypted in their cloud anyway, so you have to trust them.