Double extortion ransomware is a new and upcoming ransomware technique that leaves its victims in a quandary. Nothing short of a double-edged sword, this attack not only encrypts a victim's sensitive data but also exploits it to collect ransom payments.
So, what is double extortion ransomware, and how did it originate? What happens during these attacks? And are there ways that can help protect you against them?
The Origins of Double Extortion Ransomware
More and more businesses are becoming security-conscious and investing in disaster recovery plans to mitigate ransomware. This shift has brought down the surge in ransomware incidents; cybercriminals now resort to double extortion to counter this.
While still considered a newbie threat tactic, double extortion ransomware has been lurking around since the end of 2019. Maze ransomware was one of its first versions, and newer strains have emerged since then.
Double extortion ransomware follows a "pay-now-or-get-breached-later" methodology. By exfiltrating your data and threatening to publish it on the web or sell it on the black market, they ensure that you have no way out but to pay the hefty ransom money.
What Happens During a Double Extortion Attack?
This two-pronged attack exfiltrates and encrypts the victim's data simultaneously. So, it provides extra leverage to the cybercriminals to collect the ransom money.
In the initial sequence of attacks, the cybercriminals get hold of a victim's network. They do this by employing several tactics, including phishing, malware, and brute-forcing an RDP server.
Once they have trespassed the network, the criminals try to locate and secure access to all the valuable assets and connected endpoints by moving laterally. The high-valued assets are then transferred to the criminal's storage network.
The final phase of double extortion ransomware entails encrypting the data and demanding a ransom. Usually, if the victims refuse to pay the ransom, the attackers will either sell the stolen data or publish it on public blogs and online forums.
Recent Double Extortion Attacks
Double extortion ransomware gangs are mushrooming and are often found on the dark web.
In 2019, cybercriminals carried out an attack on Allied Universal—an American security systems and services provider. When the company refused to make the hefty payment, the ransomware gang increased the ransom amount by 50% and threatened to use the stolen data in a spam operation. To prove their point, they also leaked some information such as certificates, contracts, and medical records on the internet.
Another double extortion ransomware that made the headlines was on the Colonial Pipeline in May 2021. The gang named DarkSide carried out this attack and stole 100 GB of data. Colonial Pipeline was forced to pay $5 million in ransom payments, to clear the gas from flowing again through the pipeline.
Tips to Stay Protected from Double Extortion Ransomware
Since double extortion ransomware is double the trouble, you need to be extra prepared to mitigate it. Here are some tips that can protect you from becoming a victim:
1. Implement a Zero-Trust Plan
Traditional security infrastructures are feeble in the sense that they can trust any user or device inside a network. If a threat actor somehow gets access to a network, they can easily pave their way inside without repercussions.
In a zero-trust policy, every outside entity is deemed hostile until proven trustworthy. Only bare minimal access to resources is granted.
2. Invest in Ransomware Insurance
Ransomware insurance is a type of coverage that covers financial losses, including ransom fees and business interruptions costs that result from a ransomware attack.
Make sure your organization invests in a ransomware insurance policy, especially one that covers double extortion ransomware attacks.
3. Perform Attack Simulations
Conducting simulated attacks and setting up sandboxing and vulnerability assessments is a great way to mitigate ransomware.
Test attacks are designed to highlight the vulnerabilities that are present in your network so you can fix them ahead of time.
4. Update Your Devices
Outdated software and devices play a major role in helping exploits like malware and ransomware attacks find their way inside your network.
Therefore, it is important to ensure that all your internet-facing devices are updated with the latest software patches in place.
5. Patch Known Vulnerabilities
To mitigate ransomware attacks, you must patch vulnerabilities as soon as you notice them.
This provides a window of opportunity to remediate any primary infection. Thanks to this extra time, you can stop vulnerabilities from turning into ransomware attacks.
Employ Two-Factor Authentication
Two-factor authentication adds an extra layer of mitigation, so make sure it is enforced throughout your organization.
Two-factor authentication discourages the threat actors from laterally moving inside the network, thus making it difficult for them to carry out ransomware attacks.
6. Monitor Data Logs
Ensure that your company monitors data logs. Monitoring of your data logs can detect any unusual activity or data exfiltration attempts.
7. Educate Your Staff
Besides providing proper security awareness training to all employees, your company should also educate staff on what double extortion ransomware is, how it is distributed, and its associated risk factors.
This ensures that the entire organization is on the same page when it comes to mitigating ransomware attacks.
8. Remote Browser Isolation
Remote Browser (RB) isolation is an emerging cybersecurity model that aims to physically isolate an internet user's browsing activity from their local networks and infrastructure.
This practice prevents many browser-based security exploits such as ransomware and malware attacks and is usually delivered to customers as a cloud-hosted service.
Squash Double Extortion Ransomware Proactively
Double extortion ransomware is the latest entry into the evergrowing arsenal of cybercriminals. Once you become a victim of double extortion, it can be challenging to break free without breaking your bank first.
But financial setbacks are not the only problem, as double extortion attacks can also compromise a company's intellectual property—causing significant reputational damage and compliance issues.
Therefore, when it comes to double extortion ransomware, instead of a reactive approach, defending your organization proactively with proper security practices in place is more important than ever.