Double extortion ransomware has risen in popularity to become a favored tactic among hackers. What is double extortion ransomware and what has led to its deployment?
Traditional ransomware still remains a threat
Ransomware attacks have been a headline news staple for years now, thanks to a dramatic escalation of incidents springing from the world’s increased dependence on interconnectivity during the COVID-19 pandemic.
Remote workforces, overworked IT departments and a general lack of cybersecurity prioritization across the board created an online environment rich with opportunities for scam artists and hackers.
Cybercrime gangs, quick to capitalize on any means by which to part an organization with its money or data, have seized the moment.
From the Colonial Pipeline to Kaseya and JBS USA, no industry has remained untouched by the effects of the recent wave of ransomware attacks.
Double extortion ransomware explained
A double extortion attack follows the same basic framework as a traditional ransomware deployment. Malware is downloaded through various means but often injected via a phishing campaign. This encrypts a victim’s system and paralyzes their network.
The criminals ask for a ransom in exchange for a key that decrypts the data and restore authorized network access.
Double extortion attackers then also threaten to sell said data on the dark web if their demands aren’t met.
The “no win” scenario created by double extortion is enough to back even the most cautious, well-informed organizations into a corner.
Why is double extortion ransomware becoming popular?
Ransomware awareness is increasing
Ransomware’s devastating effect on industries and organizations has not gone unnoticed.
It’s been a hot topic among world leaders, with international governments looking for ways to put an end to the “global security threat” posed by cybercriminals. US President Joe Biden spoke to Russian President Vladimir Putin specifically about Moscow’s role in both harboring and profiting from homegrown ransomware gangs that target rival countries.
Organizations are bolstering their cybersecurity, installing modern defenses and taking the threat of a crippling cyberattack seriously.
Governments are pooling resources and collaborating on stings that see seemingly untouchable hackers arrested and tried for their crimes.
Victims know paying up is a bad idea
While many ransomware attacks seem to be resolved behind closed doors as organizations find themselves forced to negotiate with criminals, word is getting around that this act of desperation may not be the quick fix people are hoping for.
Paying a ransom in no way guarantees that encrypted data will be returned. It may also be permanently corrupted through the process of decryption, making it worthless even if access is restored.
Alarmingly, many victims of ransomware find themselves in the crosshairs repeatedly after making their first payment.
The very same attacker may strike again and require an even larger payout than before.
Additionally, the hacker community may deem the victim organization to be an easy mark and pummel them with any number of attacks.
Paying may be illegal
Law enforcement discourages paying ransom, as lining criminal pockets only encourages more of the same activity. Paying a ransom is also seen as funding cyber terrorism and potentially funneling money to malicious, foriegn governments.
Legislation making it illegal to pay ransomware attackers is being considered by many world governments.
The result of this increased scrutiny and security is less willingness among victims to play ball with criminals, requiring more pressure to do so.
The future of ransomware
Hackers are resourceful and continue to devise new ways to manipulate their victims to get what they want.
Recently, the BlackCat ransomware gang built a website that listed personal information belonging to the employees of a hotel and spa they attacked in Oregon.
BlackCat is operating with the hope that individual employees, upon learning that their data is at risk of exposure, will plead with their employer to give in to the criminals’ demands.
Since this tactic has not yet been reported elsewhere, perhaps BlackCat is testing its effectiveness.
It can also be assumed that this strategy is likely already being developed by other ransomware gangs and will show up after attacks are carried out on larger entities as well.
While the eradication of ransomware feels like a pipedream, one can imagine that increased legal challenges with regard to paying hackers, combined with deepening awareness regarding the dangers of doing so, could make such attacks feel less like a slam dunk for those who profit from them.
As the screws tighten on ransomware attackers, it is likely that their desperation will yield ever more unscrupulous ways to bend targets to their will.
Protect your business from double extortion ransomware
Keep the hackers at bay by following some of these foundational cybersecurity suggestions:
- Employ zero-trust protocols to ensure that all traffic on your network is continually verified.
- Use a VPN to help hide your web traffic and keep your web browsing activity away from prying eyes.
- Maintain good cyber hygiene with regard to your passwords and login credentials. Never reuse passwords and make sure they are impossible to guess.
- Hackers prey on vulnerabilities. Keep all of your operating systems, software and firmware patched by setting up automatic updates.
- Don’t forget your hardware. You can upgrade old firewalls and network components with refurbished upgrades from a reputable dealer.
- Equip employees with devices that are company controlled so you can restrict what they use them for and push updates to them automatically.
- Keep your staff trained on how to identify phishing scams as well as the latest cybersecurity trends.
- Avoid shadow IT by only allowing work to be done via approved platforms.
