Double Extortion Through Ransomware Attacks: Why CISOs Should Worry

Cybercriminals are making the most of successful ransomware attacks by double-extorting most of their victims. Here’s why CISOs should not underestimate the threat.

February 24, 2022

Ransomware attacks are no longer confined to extracting a single ransom. Cybercriminals are now demanding payments and are releasing stolen information on the dark web even after a ransom is paid. The scale and frequency of ransomware attacks have also undergone a sea change in recent years. Here’s a look at the shifting patterns in ransomware attacks in 2022 and how businesses can avoid being victims.

In 2021, significant ransomware attacks targeting Colonial Pipeline and JBS Foods laid bare how operations of the world’s largest corporations could be crippled for days, forcing them to pay a ransom to restore services. The frequency of such attacks escalated following the switch to hybrid work, making 74% of IT decision-makers call for ransomware attacks to be labeled as national security threats.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently warned that sophisticated “high-impact” ransomware attacks on critical infrastructure sectors are rising worldwide. The advisory said that it’s becoming more difficult to identify certain criminal groups conclusively because of the complicated networks of developers, affiliates, and freelancers. Following is a list of ransomware patterns/trends seen in three countries (U.S., the UK, and Australia):

  • Hackers increasingly use phishing, stolen Remote Desktop Protocol (RDP) credentials, brute force, and software vulnerabilities to establish network access.
  • The ransomware industry has become more “professional,” increasing cybercriminal services-for-hire.
  • Ransomware gangs increasingly exchange victim information, including access to victims’ networks.
  • The methods used by cybercriminals to extract money are becoming more diverse.
  • Techniques attacking the cloud, managed service providers, industrial processes, and the software supply chain have increased the impact of ransomware gangs.
  • Ransomware actors are increasingly launching attacks on holidays and weekends.


Why Should CISOs Worry?

According to recent research from Venafi, companies of all sizes face the novel threat of double- and triple-extortion tactics by hackers. Following are some of the findings from the survey:

  • Despite paying a ransom, 18% of victims still faced data leaks on the dark web.
  • 83% of successful ransomware attacks feature double/triple extortion.
  • More than 35% of victims who paid a ransom could not retrieve their data.

These figures should undoubtedly cause concern for organizations across sectors, particularly CISOs. “Ransomware attacks have become much more dangerous. They have evolved beyond basic security defenses and business continuity techniques like next-gen antivirus and backups,” said Kevin Bocek, vice president of business development and threat intelligence at Venafi.

“Organizations are unprepared to defend against ransomware that exfiltrates data, so they pay the ransom, but this only motivates attackers to seek more. The bad news is that attackers are following through on extortion threats, even after the ransom has been paid! This means CISOs are under much more pressure because a successful attack is much more likely to create a full scale service disruption that affects customers.”

As many as 71% of IT decision-makers surveyed by Venafi said that double- and triple-extortion techniques have become more prevalent in the previous 12 months, and 65% think that these new threats make it difficult to refuse extortion money.

Furthermore, about 38% of attacks involve hackers using stolen data to blackmail consumers, 35% involve hackers threatening to reveal stolen data on the dark web, and 32% involve hackers threatening to notify the victim’s clients that their data has been hacked.

Organizations of all sizes are facing new security difficulties as a result of these approaches. Ransomware exploits are changing quicker than the security safeguards needed to fight against them, according to nearly three-quarters (72%) of IT decision-makers. These risks are so serious that two-thirds of IT decision-makers (67%) believe that public reporting of ransomware attacks can assist in halting the spread of these new attack tactics. Another 77% believe governments should do more to help private enterprises fight against ransomware.


“Threat actors are constantly evolving their attacks to make them more potent, and it’s time for the cybersecurity industry to respond in kind,” explained Bocek. “Ransomware often evades detection simply because it runs without a trusted machine identity. Using machine identity management to reduce the use of unsigned scripts, increase code signing and restrict the execution of malicious macros is vital to well-rounded ransomware protection.”
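One way to act on the point about unsigned scripts, as an added example that is not part of the article or Venafi’s own tooling: inventory the PowerShell scripts under a path, flag any that are unsigned, tampered with, or signed by a certificate outside an approved list, and show the effective execution policy. The scan root and the list of trusted thumbprints are assumptions for illustration.

```powershell
# Added example, not from the article. Reports scripts that would not be allowed to run
# under an AllSigned execution policy and shows the policy currently in force.
param(
    [string]$ScanRoot = 'C:\Scripts',        # assumed location of automation scripts
    [string[]]$TrustedThumbprints = @()      # assumed thumbprints of approved code-signing certs
)

$results = Get-ChildItem -Path $ScanRoot -Recurse -Include *.ps1, *.psm1 -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        [pscustomobject]@{
            Path    = $_.FullName
            Status  = $sig.Status        # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            # Trusted only if the signature is valid and, when a list is supplied, the signer is on it
            Trusted = ($sig.Status -eq 'Valid') -and
                      ($TrustedThumbprints.Count -eq 0 -or $TrustedThumbprints -contains $thumb)
        }
    }

# Scripts to sign, re-sign, or remove before tightening the policy.
$results | Where-Object { -not $_.Trusted } | Format-Table Path, Status, Signer -AutoSize

# Effective policy per scope; reducing unsigned script execution means AllSigned
# (or at least RemoteSigned) should be set at the MachinePolicy or LocalMachine scope.
Get-ExecutionPolicy -List
```

Run it periodically from a scheduled task so newly dropped unsigned scripts show up before the execution policy is switched to AllSigned.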

Preventing or Minimizing Ransomware Attacks

Introduce more backups: Ransomware actors who have worked their way into the corporate network can reach and compromise a backup system connected to it. Data should therefore also be backed up to the cloud, or to a local storage device that isn’t directly attached to the computer.

Implement cyber-training/security programs: Implementing effective cybersecurity training for staff is one strategy to improve security posture and reduce the chance of being exploited or attacked. Companies can conduct in-house security training, enroll employees in cybersecurity courses or get them access to virtual conferences to learn from people who are experts in the field. Allowing them to attend these seminars and training sessions is a wise investment for the company. Considering that workers are frequently in charge of confidential data, training them on safer online activities becomes necessary.

Put a disaster recovery plan in place: A well-thought-out disaster recovery plan (DRP) can assist companies in quickly responding to adverse situations like cyberattacks.

Email screening and phishing simulations: Since most ransomware is delivered by email, learning to recognize and avoid phishing is one of the most critical strategies for defending against a ransomware strike. Malvertising, in which malicious web links are embedded in online adverts, is another common route to a ransomware infection. Employees should also be taught about the hazards of ransomware through simulated phishing exercises.



Ojasvi Nath

Assistant Editor, Spiceworks Ziff Davis

Ojasvi Nath is Assistant Editor for Toolbox and covers varied aspects of technology. With a demonstrated history of working as a business writer, she has now switched her interest to technology and handles a broad range of topics from cybersecurity, cloud, AI, emerging tech innovation to hardware. Being a philomath, Ojasvi thinks knowledge is like a Pierian spring. The more you dive in, the more you learn. You can reach out to her at [email protected]