Enterprotect

View Original

Double Trouble: Understanding the Growing Threat of Double Extortion Ransomware

The rise of double extortion in the world of cyber attacks is a cause for concern. This dangerous form of ransomware targets not only individual files but also entire networks, posing a significant risk to both individuals and businesses. First introduced by the Maze ransomware group in 2019, double extortion has since been adopted by a growing number of ransomware gangs, with over 16 gangs now utilizing this tactic to coerce their victims. The number of companies whose data has been exposed on data breach sites has seen a staggering 935% increase, highlighting the severity of this threat. The growth of the ransomware industry can be attributed to the rise of ransomware-as-a-service (RaaS) affiliate market. This article delves deeper into the world of double extortion and the current state of this growing threat.

Why Double Extortion is on the Rise

Ransomware attacks have been a constant threat to businesses, with hackers using malicious software to encrypt valuable data and demand a ransom payment for its release. However, in recent years, ransomware gangs have changed their tactics in response to better cybersecurity measures by businesses. This shift has led to the emergence of "double extortion," a more potent form of attack.

Double extortion not only involves encryption of data but also the theft of sensitive information. The hackers then threaten to publish or sell the stolen information on the dark web, making companies more likely to pay the ransom to avoid further harm. This shift in tactics makes traditional data backup and recovery methods useless and makes double extortion a much more serious threat.

The trend towards double extortion can be traced back to the destructive WannaCry and NotPetya ransomware attacks in 2017, which prompted businesses to increase their cyber defenses. As businesses became more resilient, ransomware gangs adapted by monetizing stolen data. Groups like REvil (also known as Sodinokibi) have now made double extortion one of the most common and dangerous forms of ransomware attacks.
 

The Growing Impact of Double Extortion on Businesses

A recent study commissioned by Sophos called "The State of Ransomware for 2022" polled over 5600 IT professionals from mid-size organizations about the impact of ransomware on their businesses. Out of these respondents, over 900 were willing to share specific details about ransom payments. The study revealed that 66% of companies were affected by ransomware in 2022, compared to 37% in 2020. This increase is partly due to the growing number of victims and the effectiveness of double extortion as a tactic. In fact, double extortion has become a common practice in business ransomware campaigns, leading to higher ransom amounts being paid.
 

Real-Life High-Profile Examples of Double Extortion

In the spring of 2021, a well-known chemical wholesaler, Brenntag, was hit with a devastating ransomware attack by the DarkSide gang. The attack resulted in the loss of a significant amount of corporate data, estimated to be around 150 gigabytes.

According to reports, the hackers demanded a ransom payment of $7.5 million, but Brenntag was able to negotiate down to $4.4 million, which was paid on May 14 to avoid the leaked data from being made public.

Another high-profile case of double extortion happened when the computer manufacturer, Acer, was targeted by the notorious hacking group REvil. This same group was responsible for the attack on the foreign exchange company, Travelex. In May 2021, REvil launched an attack on Acer and demanded a ransom of a staggering $50 million, the highest ever recorded. To add insult to injury, the hackers also used a Microsoft Exchange server vulnerability to access Acer's data, and even released photos of confidential financial papers and spreadsheets.
 

Payment Doesn't Guarantee Data Protection

Unfortunately, many businesses have learned the hard way that paying the ransom doesn't always secure their data. This was shown in the Acer case and numerous others.

The Conti Ransomware Gang, a Russian group offering ransomware-as-a-service, is gaining a negative reputation for their untrustworthiness. Despite receiving the ransom, they have been caught providing fake evidence of file deletion and even publishing stolen data on their website, Conti News.

This unreliable behavior is one of the reasons why the group has developed a negative reputation. It also undermines the entire ransomware business model, which relies on the trust between the attacker and the compromised organization. If this trust is broken, the model simply falls apart. After all, if businesses can't trust that their data will be kept confidential even after paying the ransom, what's the point of paying it in the first place? Although ransomware is illegal, it has been a profitable enterprise, but only because of this trust.
 

The Growing Threat of Triple Extortion

As you’ve read, double extortion is becoming a common occurrence in the cyber world. However, an even more concerning trend is the rise of triple extortion attacks. This type of attack goes one step further than double extortion and not only demands a ransom from the original victim, but also from anyone who may have been impacted by the data breach.

With the increase in ransomware payments, attackers are becoming more audacious in their tactics and are not hesitating to launch follow-up attacks in the hope of obtaining even more money. This presents a major challenge for organizations, as they must not only secure their systems from the initial attack, but also from subsequent attacks that may follow.

Triple extortion attacks are particularly dangerous as they not only impact the original victim, but also anyone who may have been impacted by the data breach. This could include clients, partners, and even competitors who may have sensitive information compromised as a result of the attack.

Protecting Your Organization from Ransomware Attacks

It's no secret that ransomware attacks are on the rise and they're only getting more sophisticated. But don't worry, there are steps you can take to protect your organization from these attacks. Download our free ransomware prevention ebook now to understand the strategies you need to put in place to keep your organization safe and secure. 


Download the Free ebook

Ransomware Prevention for IT Pros

Best Practices for Keeping Your Company Secure

In our free ebook, we share proven strategies to keep your organization's digital infrastructure safe from ransomware. In it, you'll discover tried and true tactics in use today that thwart ransomware attacks every single day.

Download our free ransomware prevention whitepaper now to understand the strategies you need to put in place to keep your organization safe and secure. 


Conclusion

The rise of double extortion in the world of cyber attacks is a growing concern for businesses and individuals alike. The trend of double extortion, in which hackers not only encrypt valuable data but also steal sensitive information and threaten to publish it, is becoming more prevalent, as evidenced by the growing number of cases reported and the increase in ransom payments. The growth of the ransomware industry can be attributed to the rise of ransomware-as-a-service (RaaS) affiliate market and the better cybersecurity measures of businesses. Despite the increase in ransomware payments, the trust between the attacker and the compromised organization is often broken, as seen with the Conti Ransomware Gang and other groups that have been caught providing fake evidence of file deletion and publishing stolen data. The threat of triple extortion, in which ransom is demanded from the original victim and anyone who may have been impacted by the data breach, is becoming even more dangerous, presenting a major challenge for organizations.

With the rise of double extortion attacks, the priority should be placed on prevention to safeguard your business. Enterprotect 360 is here to help, offering comprehensive ransomware protection and prevention capabilities that minimize the risk of a ransomware attack on your network. Its advanced DNS filtering and Web Security features work in tandem to block malicious domains, disrupt communication with known ransomware servers, and ultimately lower the risk of your users falling victim to ransomware and data exfiltration.

Ransomware protection and DNS & Web Security are just a few of the many features included in the Enterprotect 360 cybersecurity platform. If you're looking for a proactive solution to protect your organization from ransomware and other cyber threats, we invite you to try Enterprotect 360 for free by signing up for our free trial.

Frequently Asked Questions