The rise in double extortion ransomware attacks.

Double extortion ransomware attacks are on the rise. According to CipherTrac these types of attacks increased by 500% last year with payments to ransomware groups reaching $590m in the first six months.

These insidious attacks use the same concept as a ransomware attack but worse. Once the hacker has gained access to the organization’s IT network, they infiltrate the data and encrypt the system. They think of this as their own backup policy. If, for example, an organization has a good immutable backup and can recover its systems without paying the ransom, then the attackers can change tack and threaten to publicly leak all the data they have already exfiltrated, which could lead to fines and prosecution from customers, if they don’t receive payment.

However, even if the victim does decide to pay to retrieve its decryption key, cyber gangs can still use the data as leverage, threatening to leak the information in return for a second ransom payment. And some criminals don’t stop there. They then sell the intelligence and data they now hold on the company onto other cyber gangs – a triple extortion ransomware attack – increasing the chances of the company being hit once again and the entire ransom

cycle starting once more. Any organizations that paid up are also flagged as a soft target. A bit like a credit scoring, cyber gangs rate the ‘good payers.’

The lesser of two evils

Paying ransoms just perpetuates the cycle of cyber-attacks. If no one paid, then there would be no funds to fuel the criminal gangs.

It’s not that straightforward though when a business is faced with the choice of either meeting the ransom demand or potentially facing ruin. Criminals know the threat they pose. They know that often organizations will do anything to release themselves from the grip of these gangs so they can be up and running again – it’s a lesser of the two evils.

However, the decision to comply with the criminals can often be taken out of an organization’s hands by insurance companies. They suddenly become back seat passengers in the ransom process. I’ve worked on cases where legal teams of the victim organization have stated that if the attack is deemed to originate from Russia, then to pay would be a breach of UK sanctions.

Companies shouldn’t engage with threat actors until they’ve had clarity from their insurance company. Policies can stipulate many things from the maximum amount the insurers will pay out to the requirement for the insurers or underwriters to carry out an initial assessment before doing anything further. We’ve seen the damage these attacks have had on businesses for example, following a major ransomware attack nearly eight months on Gloucester City Council, the Council is still rebuilding its IT system.

After an attack, most businesses will be busy trying to recover data from their encrypted systems whilst struggling to identify what files or data may or may not have been removed. There’s a risk that the attacker could just be pretending to have your files, but in the majority of cases, they will have identified the most sensitive areas and exfiltrated the files before encrypting them.

Protect against double extortion ransomware

Unfortunately, without adequate cyber defence systems in place, proper governance and control, and adequate employee cyber awareness training, double extortion ransomware attacks are an easy way for hackers to wreak the most devastation possible. It just needs a user to click on the link or to fall foul to a phishing email, and there are network vulnerabilities constantly emerging for criminals to penetrate.

According to the US National Security Chief, 80% of cyber-attacks could be stopped if Multi-Factor Authentication (MFA) was enabled and enforced. The Cyber Essentials certification scheme equally requires organizations to have Two Factor Authentication and MFA, for networks to be patched every seven-to-14-day cycles, and for UK businesses to prevent anyone outside of the UK from accessing their network. By blocking all non-UK IP addresses limits the organization’s exposure to foreign attacks.

However, nothing is ever 100% secure. A large part of minimizing risk and the impact from an attack is to ensure you’ve identified the many ways a system can be compromised and what’s your company’s incidence response plan in the event of an attack.

Many large enterprises will have a plan in place, with key steps to implement upon a breach from first stage communications to how the internal team can work together to remediate the attack as quickly as possible. How will they recover, backup and encrypt data, for example? The speed at which you can react to a breach will be critical to minimizing the damage of an attack.

In the event of a breach, ensure you can gain swift access to a battle box containing all critical business information such as these incident response plans, cyber insurance documents, critical telephone numbers etc. Store these

separately from the corporate network such as on Google or another provider so it can’t be compromised. The same goes for ensuring that you have a good backup system in place located away from the main corporate network so hackers can’t move laterally across your systems. I’ve seen incidents where organizations have told the attackers that they can’t afford to pay the demands, by which the attackers responded by sending the organization their own cyber insurance policy, demonstrating why organizations should store such data externally.

For businesses that may not want the additional cost of storing their battle box remotely, the alternative is to have a printout stored securely in a safe, but this means ensuring to keep it updated and reprinted which can easily be forgotten.

Double extortion ransomware attacks will only get more sophisticated and common as organizations fall privy to the antics of cyber criminals and their demands. The way to stop them in their tracks is to be prepared and that means people, processes and technology.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...