Double extortion ransomware attacks follow a pattern similar to that of a typical ransomware attack, but they come with an extra threat: the victim must pay a ransom not only to regain access to their technology and data, but also to prevent that data from being published online. Double extortion ransomware attacks are particularly worrying because they put additional pressure on organizations to comply with ransom demands in order to keep their data private.
The number of ransomware attacks involving double extortion tactics jumped from 229 to 2,371 in one year, an unprecedented increase of 935%, according to new research from Group-IB. This article examines how these attacks work and why they are increasing.
How Double Extortion Ransomware Attacks Work
Double extortion ransomware attacks begin like most other ransomware incidents: a cybercriminal first gains access to the target device or server, often through phishing, insecure websites, or malicious attachments. From there, the cybercriminal can compromise the victim’s technology and encrypt the data stored on it. The cybercriminal then delivers the ransom demand and the accompanying consequences for non-compliance.
In contrast to a typical ransomware incident, however, the consequences of a double extortion attack are twofold. Failure to pay the ransom can result in the cybercriminal both permanently restricting the victim’s access to their technology and sensitive data and sharing this information publicly on the internet. Although double extortion attacks can occur in any organization, these incidents are most common at organizations that store a significant amount of sensitive data. This includes healthcare facilities, financial institutions, government organizations and large retail companies.
Double extortion ransomware attacks can be significantly more harmful to affected organizations than typical ransomware incidents. Even if an organization has protocols in place (such as storing data in multiple secure locations) that allow it to recover compromised information without paying a ransom, it may still be pressured to pay to prevent its data from becoming public. After all, such exposure can lead to further consequences, including damage to reputation, fines and class actions.
In addition, cybercriminals who carry out double extortion ransomware attacks are known to demand higher ransoms, to sell or trade stolen data to other attackers for future extortion attempts, and to continue sharing data publicly even after the ransom has been paid (whether intentionally or by accident), which makes these attacks all the more harmful.
Double Extortion Ransomware Attacks Are Increasing
As noted by Group-IB, ransomware attacks involving double extortion increased by 935% in just one year. Thanks to an unholy alliance of ransomware-as-a-service actors and initial access brokers (parties that sell access to corporate systems), cybercriminals were able to reach new heights in 2021, according to Group-IB’s report on the latest trends in technology-based crime.
The partnership between the two groups enables threat actors to use the attack of their choice on already compromised systems and opens the door to ransomware for a wide range of “beginners.”
“The fact that tools for carrying out full-fledged attacks on corporate networks are widely available means that underground players can make money almost without risk or effort,” said Group-IB. “The market for initial access has been flooded by low-skilled threat players who, despite their poor knowledge of the technical aspects, pose a threat to companies.”
According to the report, this multimillion-dollar market expanded by 204% between the second half of 2018 and the first half of 2020. It grew another 16% between 2020 and 2021 to an estimated value of $7.2 million, Group-IB added.
US-based organizations are by far the most popular targets for initial access brokers, with manufacturing, training and financial services as the top industries. Another recent report from the company found that between 2019 and 2020, ransomware actors earned at least $1 billion from their malicious efforts.
Once in, cybercriminals have shown an increasing preference for double extortion, both encrypting systems and exfiltrating data as leverage. The report found that much of the information was leaked online, regardless of whether a ransom was paid.
“In the first three quarters of 2021, ransomware operators released 47% more data on attacked companies than in the whole of 2020,” said Group-IB researchers. “Given that cybercriminals release data on only about 10% of their victims, the actual number of victims of ransomware attacks is likely to be dozens more.”
Group-IB estimates that about 30% of victim companies pay a ransom. The Conti ransomware group has proven to be the most aggressive when it comes to data leakage, followed by Lockbit, Avaddon, REvil and Pysa.
Prevent Double Extortion Ransomware Attacks
When it comes to combating double extortion ransomware attacks, it is important to prioritize common ransomware prevention measures. These include conducting routine training for employees on how to detect potential ransomware risks (such as suspicious emails or attachments), implementing policies prohibiting browsing unsafe websites on the organization’s servers or devices, and installing adequate security features on all workplace technology (e.g., virtual private networks, antivirus software, data encryption software, email spam filters, internet firewalls and patch management systems).
In addition to these important preventative measures, the best way to reduce the risk of double extortion ransomware attacks is to establish an effective cyber-incident response plan for your organization. This plan should explicitly address double extortion ransomware scenarios and describe the measures that employees should take to limit the damage during such an event.
Finally, it is important to ensure adequate insurance coverage for ultimate peace of mind in the event of a ransomware attack. Dedicated cyber insurance can provide much-needed support and resources when an attack occurs, minimizing potential damage and financial consequences to your organization.
We can help.
In addition to taking reasonable steps to reduce the likelihood of an attack, we must be realistic and understand that we will all inevitably deal with a ransomware attack at some point.
The two most important questions you need to answer as an entrepreneur are:
- Will I know how to respond when a cyberattack occurs?
- Will my company survive the devastating consequences of a cyberattack?
The planning you do today, the strategic partnerships you establish and the suitability of your cyber and data breach insurance are all important components in confidently answering the question “Will my company survive a cyberattack?” with a resounding “ABSOLUTELY.”
We understand the negative effects a cyberattack can have on your organization; we have seen firsthand how it affects customers. We also know which insurance companies provide the widest insurance coverage to help you recover from an attack.
But we do not stop there.
The best place to start is with your own internal operations, the security measures you have in place, the controls implemented to prevent a data breach and the action plans in the event of a breach.
In addition to providing cyber and data breach protection, we can also provide you with several services to help you position your business for the best insurance premiums offered by the country’s strongest insurance companies. Specifically, we can:
- Provide data security resources designed to keep your data and network secure
- Perform a cyber risk assessment of your business to help identify areas of weakness and offer solutions to reduce exposures
- Help you develop and implement an incident management plan
If you want additional information and resources, we are here to help you analyze your needs and choose the right coverage to protect your business from unnecessary risks. You can download a free copy of our e-book, or, if you are ready to make Cyber Liability Insurance part of your insurance portfolio, request a proposal or download and get started with our Cyber & Data Breach Insurance Application, and we will get to work for you.