Ransomware: There's been a big rise in double extortion attacks as gangs try out new tricks

More and more ransomware gangs are adopting tactics around threatening to publish stolen data in an effort to force victims to pay.
Written by Danny Palmer, Senior Writer

There's been a big rise in the number of ransomware gangs that threaten to release information stolen from the victims if they don't pay the ransom for the decryption key required to restore their network.

The idea behind these 'double extortion' ransomware attacks is that even if the victim organisation believes it can restore its network without giving into the ransom demands of cyber criminals – which regularly cost millions of dollars in Bitcoin – the threat of sensitive information about employees or customers being exposed could still push victims to giving into the blackmail, and paying the ransom.

Even then, there's no guarantee that the cyber criminals behind the ransomware attack will delete the stolen data – they could exploit it down the line, or sell it onto other crooks on dark web forums.

SEE: Security Awareness and Training policy (TechRepublic Premium)

These attacks have become extremely successful – and lucrative – for cyber criminals and cybersecurity researchers at ZeroFox have tracked the activity of over two dozen dark web leak sites associated with ransomware attacks over the past year, as more and more cyber-criminal groups move towards this form of extortion.

The ransomware gangs that are most successful with double extortion attacks are those that first adopted it in their attacks, such as Revil, Maze, Netwalker, and DoppelPaymer, but others have followed in their footsteps and are finding plenty of success in 2021.

Groups like Conti and Egregor have become most prolific over the course of this year – with the report pointing out how the latter group has allegedly gained success by recruiting members of other ransomware gangs, including Maze, which supposedly shut down in November last year.

The recruitment of authors of other ransomware operations indicates how this particular type of malware has developed into a competitive market.

Much like legitimate software companies, groups want to hire the best people to ensure that their product is as successful as possible – unfortunately, in this case, success comes at the cost of innocent victims who find their networks have been encrypted by a ransomware attack.

But it isn't just threats to leak data now, as the report points out how some ransomware groups are launching Distributed Denial of Service (DDoS) attacks against victims, overwhelming what remains of the network with traffic to the extent that it isn't usable – and leveraging that as an additional method of forcing the victim to pay up.

SEE: This company was hit by ransomware. Here's what they did next, and why they didn't pay up

Ultimately, double extortion techniques have become so common amongst ransomware gangs because the attacks work and many organisations are unfortunately giving into ransom demands as cyber criminals in this space get more persistent and more aggressive.

For organisations, the best way to avoid having to make a decision over paying cyber criminals in the hope they don't publish their stolen data online is for their network to be secure enough to prevent cyber criminals from being able to get in to start with.

Cybersecurity procedures that can stop cyber criminals from infiltrating the network in the first place include applying security patches as soon as possible, so attackers can't exploit known vulnerabilities and deploying two-factor authentication across all users, so that if attackers do breach an account, it's difficult for them to move laterally around the network.


Editorial standards