If you aren’t already familiar with ransomware, the increasing frequency of such attacks and the level of sophistication with which cybercriminal gangs deploy the malware, then you need to be paying more attention.
The prevailing trend over the course of the last few years is the rise of double extortion, which means that the purpose of ransomware is no longer just to hold an organization’s data hostage for a six-figure ransom. Instead, ransomware gangs are now threatening to leak data – especially if it’s sensitive data or potentially embarrassing for the organization – unless that ransom is paid.
This method was popularized by infamous ransomware group Maze in 2019, and others have caught on. A recent report from cybersecurity firm Coveware found that 77% of ransomware attacks in the first quarter of this year were double extortion attempts in which the attacker sought to exfiltrate data from the company. That figure is up from 70% in the previous quarter.
However, ransomware gangs are now adopting a triple extortion model in which they threaten to publicly disclose that the victim organization is under a ransomware attack and damage their reputation, says Brian Linder, a cybersecurity evangelist at Check Point Software.
What is triple extortion?
In a ransomware attack, the more leverage the criminals have, the more likely the victim is to pay. If the gang was successful in not only encrypting critical systems, but also downloading sensitive data and threatening to release it, they have the upper hand and can force a payment if the victim doesn’t have adequate backup processes.
However, cybercriminals are adept at transforming themselves and creating new revenue opportunities, including another level of extortion.
According to Linder, triple extortion has surfaced over the last six months and involves ransomware gangs making robocalls to customers, shareholders, partners, press and financial analysts if the affected organization doesn’t succumb to the first two extortion attempts.
“So, imagine if you don’t pay the ransom, we’re going to let all the stock analysts know that you’ve been attacked and likely drive some percentage of your market value out of the market,” Linder says. “So, tremendous leverage.”
This technique is increasing, and ransomware victims and their IT experts can expect to see more and more of this in the coming months.
“We do expect this to be highly exploited,” Linder says. “It’s fairly easy to do.”
Depending on the attacker’s success in penetrating the network initially, they can access information about the victim’s customers, names and phone numbers and have automated messages ready to go.
“They have their finger on the ‘go’ button, and if somebody won’t pay the ransom, they hit ‘enter,’” Linder says.
Prevention is key
Since ransomware has become such a hot topic in recent months with high-profile attacks against Colonial Pipeline, JBS and managed service providers and their customers via Kaseya, there has been an increased emphasis on good backup procedures so organizations can quickly recover from successful encryption.
However, the rise of double – and now triple – extortion means organizations must put more focus on prevention and keeping ransomware operators from penetrating networks in the first place.
That means both educating users on how to spot a phishing attempt, social engineering and other malicious activity, and focusing on better endpoint and cloud protection, detection and procedures that make it difficult for bad actors to deploy ransomware.
Linder outlined three steps organizations should take to proactively prevent ransomware attacks:
- Deploy email security tools to block phishing attempts and implement two-factor authentication across the organization.
- Next, IT pros should have good detection tools in place to spot suspicious activity and block the criminals from doing any harm.
- Educate end users on how to spot a phishing attempt, spot social engineering and recognize malicious activity.
“All of these things should be looked at before the attack, not after it,” Linder says.