US chip testing firm shrugged off ransomware hit as minor - then came the data leak
Summary
Trio-Tech International initially downplayed a ransomware attack on its Singapore subsidiary, calling it "immaterial." However, the company later reversed its stance after realizing that stolen data had been publicly disclosed.
IFF Assessment
FOE
This is bad news for defenders as it highlights a common tactic where attackers exfiltrate data before encrypting it, leading to a double extortion scenario.
Defender Context
This incident underscores the critical importance of thoroughly investigating all aspects of a cyberattack, not just the immediate impact of encryption. Defenders must be vigilant for data exfiltration, as it can lead to significant reputational damage and regulatory fines even if the ransomware impact seems minor.