Ransomware’s New Normal: Double Extortion Ascending as Threat Actors Test New Tricks
To Make Their Victims Pay the Ransom, Numerous Ransomware Attackers Are Now Threatening to Reveal Sensitive Information.
The growth of double extortion may be the organic evolution of ransomware: first from consumer attacks to targeted enterprise attacks, and now with the added danger of data extortion.
“Double extortion” is an evolving ransomware tactic in which the attackers first steal private information and then encrypt the victim’s files. Victims who fail to pay the requested ransom will probably have their data exposed.
There has been a huge rise in the number of ransomware attackers who threaten to leak data stolen from victims who don’t pay the ransom for the decryption key they need to restore their network.
One example of a double extortion attack is the case of Allied Universal, which occurred in November 2019. When the organization refused to pay 300 bitcoin, the ransomware gang increased the ransom demand by 50% and threatened to use the stolen information, along with stolen emails and domain name certificates, in a spam operation impersonating Allied Universal.
The attackers leaked some of the stolen information, such as certificates, contracts, and medical documentation, to show they were serious about their demands. They even posted a link to 10% of the data they had exfiltrated. Allied Universal was given a two-week deadline before the remaining 90% would be exposed as well. The ransomware used was the well-known Maze.
The thinking behind double extortion ransomware attacks is that even if the victim company believes it can restore its network without paying the amount the attackers demand, the prospect of its staff’s and clients’ private data being exposed might push it to give in to the extortion and make the payment.
It is not recommended to pay the ransom as there is no assurance that the hackers involved in the ransomware attack will delete the stolen information.
Unfortunately, this kind of attack has become exceptionally profitable for ransomware gangs. Over the past year, cybersecurity specialists have followed the activity of more than 24 dark web leak websites linked with ransomware attacks, which means that more and more hackers are adopting this form of blackmail.
Some of the ransomware gangs that are very prosperous in the double extortion business are REvil, Maze, Netwalker, and DoppelPaymer, but they are not the only ones. The Conti and Egregor ransomware groups have rapidly followed in their footsteps and become some of the most productive cybercriminal groups in 2021.
Double extortion is now a habit among ransomware gangs because the attacks work: numerous enterprises are giving in to ransom demands, while hackers grow more tenacious and more hostile.
The best way for a company to stay safe when it comes to ransomware attacks is for its network to be secure enough to stop attackers from being able to gain access.