For over one month, newspaper publishing giant Lee Enterprises has been suffering the ramifications of a ransomware attack. Allegedly conducted by the Qilin ransomware group, the incident has caused ongoing disruptions to operations and significant delays to contractor and freelancer payments.
Lee Enterprises released a statement noting that critical applications were left encrypted, affecting distribution of products, billings, collections, and more. It’s likely that Qilin ransomware group encrypted the files after sensitive files were exfiltrated in a tactic known as “double extortion ransomware.” This technique is a type of attack where the threat actor extracts sensitive data in addition to encrypting it, which gives the attacker extra leverage for the company to force its hand and pay ransom.
To mitigate double extortion tactics and similar threats or detect them early, organizations should implement key protective measures. Data security posture management (DSPM) provides visibility into sensitive data across the data estate, helping improve risk posture. It also enables continuous assessment and prioritization of risk based on data sensitivity, ensuring remediation efforts are focused where they matter most.
Additionally, Data Access Governance (DAG) helps enforce least privilege access controls by determining who has access to sensitive data and integrating with Identity and Access Management (IAM) or Cloud-Native
Application Protection Platforms (CNAPP) systems. Finally, Data Detection and Response (DDR) continuously monitors for emerging threats, alerting on suspicious access or data movement—such as exfiltration to unknown third parties—that may violate security policies or compliance requirements. This minimizes the impacts of double extortion attempts – making the attempts less fruitful by providing early warning before damages occur.”
Ad
Join our LinkedIn group Information Security Community!
