Double Trouble: Understanding the Growing Threat of Double Extortion Ransomware

The rise of double extortion in the world of cyber attacks is a cause for concern. This dangerous form of ransomware targets not only individual files but also entire networks, posing a significant risk to both individuals and businesses. First introduced by the Maze ransomware group in 2019, double extortion has since been adopted by a growing number of ransomware gangs, with over 16 gangs now utilizing this tactic to coerce their victims. The number of companies whose data has been exposed on data breach sites has seen a staggering 935% increase, highlighting the severity of this threat. The growth of the ransomware industry can be attributed to the rise of the ransomware-as-a-service (RaaS) affiliate market. This article delves deeper into the world of double extortion and the current state of this growing threat.

Why Double Extortion is on the Rise

Ransomware attacks have been a constant threat to businesses, with hackers using malicious software to encrypt valuable data and demand a ransom payment for its release. However, in recent years, ransomware gangs have changed their tactics in response to better cybersecurity measures by businesses. This shift has led to the emergence of "double extortion," a more potent form of attack.

Double extortion involves not only the encryption of data but also the theft of sensitive information. The hackers then threaten to publish or sell the stolen information on the dark web, making companies more likely to pay the ransom to avoid further harm. This shift in tactics makes traditional data backup and recovery methods useless as a defense against the extortion, because restoring files from backup does nothing about data that has already been stolen. That makes double extortion a much more serious threat.

The trend towards double extortion can be traced back to the destructive WannaCry and NotPetya ransomware attacks in 2017, which prompted businesses to increase their cyber defenses. As businesses became more resilient, ransomware gangs adapted by monetizing stolen data. Groups like REvil (also known as Sodinokibi) have now made double extortion one of the most common and dangerous forms of ransomware attacks.
 

The Growing Impact of Double Extortion on Businesses

A recent study commissioned by Sophos called "The State of Ransomware for 2022" polled over 5600 IT professionals from mid-size organizations about the impact of ransomware on their businesses. Out of these respondents, over 900 were willing to share specific details about ransom payments. The study revealed that 66% of companies were affected by ransomware in 2022, compared to 37% in 2020. This increase is partly due to the growing number of victims and the effectiveness of double extortion as a tactic. In fact, double extortion has become a common practice in business ransomware campaigns, leading to higher ransom amounts being paid.
 

Real-Life High-Profile Examples of Double Extortion

In the spring of 2021, a well-known chemical wholesaler, Brenntag, was hit with a devastating ransomware attack by the DarkSide gang. The attack resulted in the loss of a significant amount of corporate data, estimated to be around 150 gigabytes.

According to reports, the hackers demanded a ransom payment of $7.5 million, but Brenntag was able to negotiate down to $4.4 million, which was paid on May 14 to prevent the stolen data from being made public.

Another high-profile case of double extortion happened when the computer manufacturer, Acer, was targeted by the notorious hacking group REvil. This same group was responsible for the attack on the foreign exchange company, Travelex. In May 2021, REvil launched an attack on Acer and demanded a ransom of a staggering $50 million, the highest ever recorded. To add insult to injury, the hackers also used a Microsoft Exchange server vulnerability to access Acer's data, and even released photos of confidential financial papers and spreadsheets.
 

Payment Doesn't Guarantee Data Protection

Unfortunately, many businesses have learned the hard way that paying the ransom doesn't always secure their data. This was shown in the Acer case and numerous others.

The Conti Ransomware Gang, a Russian group offering ransomware-as-a-service, is gaining a negative reputation for their untrustworthiness. Despite receiving the ransom, they have been caught providing fake evidence of file deletion and even publishing stolen data on their website, Conti News.

This unreliable behavior is one of the reasons why the group has developed a negative reputation. It also undermines the entire ransomware business model, which relies on the trust between the attacker and the compromised organization. If this trust is broken, the model simply falls apart. After all, if businesses can't trust that their data will be kept confidential even after paying the ransom, what's the point of paying it in the first place? Although ransomware is illegal, it has been a profitable enterprise, but only because of this trust.
 

The Growing Threat of Triple Extortion

As you’ve read, double extortion is becoming a common occurrence in the cyber world. However, an even more concerning trend is the rise of triple extortion attacks. This type of attack goes one step further than double extortion and not only demands a ransom from the original victim, but also from anyone who may have been impacted by the data breach.

With the increase in ransomware payments, attackers are becoming more audacious in their tactics and are not hesitating to launch follow-up attacks in the hope of obtaining even more money. This presents a major challenge for organizations, as they must not only secure their systems from the initial attack, but also from subsequent attacks that may follow.

Triple extortion attacks are particularly dangerous as they not only impact the original victim, but also anyone who may have been impacted by the data breach. This could include clients, partners, and even competitors who may have sensitive information compromised as a result of the attack.

Protecting Your Organization from Ransomware Attacks

It's no secret that ransomware attacks are on the rise and they're only getting more sophisticated. But don't worry, there are steps you can take to protect your organization from these attacks. Download our free ransomware prevention ebook now to understand the strategies you need to put in place to keep your organization safe and secure. 


 


Conclusion

The rise of double extortion in the world of cyber attacks is a growing concern for businesses and individuals alike. The trend of double extortion, in which hackers not only encrypt valuable data but also steal sensitive information and threaten to publish it, is becoming more prevalent, as evidenced by the growing number of cases reported and the increase in ransom payments. The growth of the ransomware industry can be attributed to the rise of the ransomware-as-a-service (RaaS) affiliate market and to the better cybersecurity measures of businesses. Despite the increase in ransomware payments, the trust between the attacker and the compromised organization is often broken, as seen with the Conti Ransomware Gang and other groups that have been caught providing fake evidence of file deletion and publishing stolen data. The threat of triple extortion, in which ransom is demanded from the original victim and anyone who may have been impacted by the data breach, is becoming even more dangerous, presenting a major challenge for organizations.

With the rise of double extortion attacks, the priority should be placed on prevention to safeguard your business. Enterprotect 360 is here to help, offering comprehensive ransomware protection and prevention capabilities that minimize the risk of a ransomware attack on your network. Its advanced DNS filtering and Web Security features work in tandem to block malicious domains, disrupt communication with known ransomware servers, and ultimately lower the risk of your users falling victim to ransomware and data exfiltration.

Ransomware protection and DNS & Web Security are just a few of the many features included in the Enterprotect 360 cybersecurity platform. If you're looking for a proactive solution to protect your organization from ransomware and other cyber threats, we invite you to try Enterprotect 360 for free by signing up for our free trial.

Frequently Asked Questions

  • Double Extortion Ransomware is a type of ransomware attack that not only encrypts a victim's data but also steals sensitive information and threatens to release it publicly if the ransom is not paid.

  • The attacker first exfiltrates sensitive data from the victim's network, then encrypts the data and demands a ransom for its release. If the ransom is not paid, the attacker threatens to publicly release the stolen data.

  • Any sensitive data stored on the victim's network can be stolen during a Double Extortion Ransomware attack, including financial information, personal data, intellectual property, and more.

  • Any organization that stores sensitive information on its network is vulnerable to Double Extortion Ransomware attacks, although small and medium-sized businesses are particularly at risk due to their limited resources.

  • To protect your organization from Double Extortion Ransomware attacks, it is important to implement robust cybersecurity measures, including regular backups of sensitive data, network segmentation, and proactive threat detection and response.

  • The FBI and most cybersecurity experts advise against paying the ransom, as this only encourages the attackers and funds their future attacks. Instead, organizations should focus on recovering from backups and restoring encrypted data.

  • The best way to detect a Double Extortion Ransomware attack in progress is to implement proactive threat detection and response measures, such as endpoint security software and network monitoring tools.

  • The time it takes for a Double Extortion Ransomware attack to be successful varies, depending on the size and complexity of the target network and the resources of the attacker. In some cases, attacks can be successful within minutes or hours.

  • Double Extortion Ransomware is a more advanced form of ransomware that not only encrypts a victim’s files, but also steals and exfiltrates sensitive data. This data is then threatened to be released or sold if the ransom is not paid. In comparison, regular ransomware only encrypts a victim’s files and demands a ransom for the decryption key.

  • There are several measures organizations can take to protect themselves from Double Extortion Ransomware, including regularly backing up important data, implementing robust cybersecurity measures such as firewalls and antivirus software, and training employees on best practices for avoiding malware infections. Additionally, investing in a comprehensive cybersecurity solution such as Enterprotect 360 can also provide added protection against ransomware attacks.

  • If you suspect your organization has been infected with Double Extortion Ransomware, it is important to act quickly. Disconnect all network devices and computers from the internet, back up all critical data, and then contact a cybersecurity expert for further assistance.

  • In many cases, Double Extortion Ransomware cannot be decrypted without paying the ransom. However, if an organization has a backup of its important data, it may be able to restore its systems without paying the ransom. This is why it is important for organizations to regularly back up their data.

  • Enterprotect 360 provides comprehensive protection against Double Extortion Ransomware by incorporating advanced security features such as DNS filtering and Web Security. These features prevent communication with known ransomware servers and block malicious domains, reducing the risk of a ransomware attack and limiting the chances of data exfiltration. Sign up for a Free Trial of Enterprotect 360 Today!
