In early April, a threat actor called DoD offered on BreachForums three gigabytes of data allegedly stolen from the US Environmental Protection Agency’s (EPA) systems, claiming it was a contact list of critical infrastructure organizations worldwide. The EPA said that DoD had confirmed it had never breached the agency and that the data posted was already publicly available.

In mid-April, a new ransomware group called RansomHub added insult to injury by posting to its dark web site the sale of four terabytes of data it claimed had been stolen in a devastating ransomware attack on Change Healthcare by the once-disrupted but now-reincarnated AlphV/BlackCat group.

At that point, Change Healthcare was reeling from the still-ongoing disaster the ransomware attack had on healthcare providers and pharmacies across the US, even though it was later revealed that Change Healthcare had paid the attackers $22 million to stanch the damage. Although cybersecurity experts believe, but are not sure, that RansomHub’s claims of having the data are real, confusion surrounds whether RansomHub is actually AlphV/BlackCat itself using an alias or an affiliate of that group or a brand-new group.

Pressure to get money fuels the false narratives

What frequently makes grasping the facts surrounding breaches difficult are the tactics hackers use to pressure organizations into paying ransom quickly, often based on false or exaggerated claims. “Wow, it’s almost like we can’t trust criminals to give us a true answer,” Troy Hunt, founder of the data breach search website HaveIBeenPwned, tells CSO.

“We’ve got to recognize that the folks we’re dealing with here are criminals, and their motives are clearly not pure. They’ll construct whatever narrative they need to service their own requirements.”

“The gangs try to push organizations into paying quickly,” Callow tells CSO. “They do not want to wait until organizations have had time to do the forensics and find that they didn’t lose as much data as the gang claims or that the data wasn’t as sensitive as the gang claimed it was. It’s in their interests to try and force payments quickly, very often on the back of bluffs.”