Critical OT Data Leaked on Ransomware Extortion Sites

Data leaks, for whatever reason, are costly. However, financial recovery costs and costs due to damaged trust and reputation are not the only ramifications. Lost data often finds its way into the hands of advanced adversaries who use it for reconnaissance efforts to learn about potential targets, including critical infrastructure organizations.

On Monday, Mandiant Threat Intelligence published analysis based on its collection of many terabytes of stolen information from ransomware data leak disclosures in 2021. According to Mandiant, the data collected impacted over 1,300 organizations from critical infrastructure and industrial production sectors, such as energy and water utilities, or manufacturing. Mandiant’s findings estimate that approximately one in seven ransomware extortion attacks leaked critical OT data. The sensitive OT documentation included, network and engineering diagrams, images of operator panels, information on third-party services, and more. For more on the findings, visit Mandiant.