The rise in double extortion ransomware attacks.

An image of , Business, The rise in double extortion ransomware attacks.

Double extortion ransomware attacks are on the rise. According to CipherTrac these types of attacks increased by 500% last year with payments to ransomware groups reaching $590m in the first six months.

These insidious attacks use the same concept as a ransomware attack but worse. Once the hacker has gained access to the organization’s IT network, they infiltrate the data and encrypt the system. They think of this as their own backup policy. If, for example, an organization has a good immutable backup and can recover its systems without paying the ransom, then the attackers can change tack and threaten to publicly leak all the data they have already exfiltrated, which could lead to fines and prosecution from customers, if they don’t receive payment.

However, even if the victim does decide to pay to retrieve its decryption key, cyber gangs can still use the data as leverage, threatening to leak the information in return for a second ransom payment. And some criminals don’t stop there. They then sell the intelligence and data they now hold on the company onto other cyber gangs – a triple extortion ransomware attack – increasing the chances of the company being hit once again and the entire ransom

cycle starting once more. Any organizations that paid up are also flagged as a soft target. A bit like a credit scoring, cyber gangs rate the ‘good payers.’

The lesser of two evils

Paying ransoms just perpetuates the cycle of cyber-attacks. If no one paid, then there would be no funds to fuel the criminal gangs.

It’s not that straightforward though when a business is faced with the choice of either meeting the ransom demand or potentially facing ruin. Criminals know the threat they pose. They know that often organizations will do anything to release themselves from the grip of these gangs so they can be up and running again – it’s a lesser of the two evils.

However, the decision to comply with the criminals can often be taken out of an organization’s hands by insurance companies. They suddenly become back seat passengers in the ransom process. I’ve worked on cases where legal teams of the victim organization have stated that if the attack is deemed to originate from Russia, then to pay would be a breach of UK sanctions.

Companies shouldn’t engage with threat actors until they’ve had clarity from their insurance company. Policies can stipulate many things from the maximum amount the insurers will pay out to the requirement for the insurers or underwriters to carry out an initial assessment before doing anything further. We’ve seen the damage these attacks have had on businesses for example, following a major ransomware attack nearly eight months on Gloucester City Council, the Council is still rebuilding its IT system.

After an attack, most businesses will be busy trying to recover data from their encrypted systems whilst struggling to identify what files or data may or may not have been removed. There’s a risk that the attacker could just be pretending to have your files, but in the majority of cases, they will have identified the most sensitive areas and exfiltrated the files before encrypting them.

Protect against double extortion ransomware

Unfortunately, without adequate cyber defence systems in place, proper governance and control, and adequate employee cyber awareness training, double extortion ransomware attacks are an easy way for hackers to wreak the most devastation possible. It just needs a user to click on the link or to fall foul to a phishing email, and there are network vulnerabilities constantly emerging for criminals to penetrate.

According to the US National Security Chief, 80% of cyber-attacks could be stopped if Multi-Factor Authentication (MFA) was enabled and enforced. The Cyber Essentials certification scheme equally requires organizations to have Two Factor Authentication and MFA, for networks to be patched every seven-to-14-day cycles, and for UK businesses to prevent anyone outside of the UK from accessing their network. By blocking all non-UK IP addresses limits the organization’s exposure to foreign attacks.

However, nothing is ever 100% secure. A large part of minimizing risk and the impact from an attack is to ensure you’ve identified the many ways a system can be compromised and what’s your company’s incidence response plan in the event of an attack.

Many large enterprises will have a plan in place, with key steps to implement upon a breach from first stage communications to how the internal team can work together to remediate the attack as quickly as possible. How will they recover, backup and encrypt data, for example? The speed at which you can react to a breach will be critical to minimizing the damage of an attack.

In the event of a breach, ensure you can gain swift access to a battle box containing all critical business information such as these incident response plans, cyber insurance documents, critical telephone numbers etc. Store these

separately from the corporate network such as on Google or another provider so it can’t be compromised. The same goes for ensuring that you have a good backup system in place located away from the main corporate network so hackers can’t move laterally across your systems. I’ve seen incidents where organizations have told the attackers that they can’t afford to pay the demands, by which the attackers responded by sending the organization their own cyber insurance policy, demonstrating why organizations should store such data externally.

For businesses that may not want the additional cost of storing their battle box remotely, the alternative is to have a printout stored securely in a safe, but this means ensuring to keep it updated and reprinted which can easily be forgotten.

Double extortion ransomware attacks will only get more sophisticated and common as organizations fall privy to the antics of cyber criminals and their demands. The way to stop them in their tracks is to be prepared and that means people, processes and technology.

The critical role of data integrity in generative AI

Anjan Kundavaram • 23rd November 2023

The quest to harness the full potential of generative AI relies on finding trustworthy data to achieve outstanding results for diverse use cases. With the continued growth and transformative impact of generative AI, business leaders need to ensure that the data being fed into it has integrity.

Navigating a CTO-as-a-Service arrangement

Cyril Samovskiy • 21st November 2023

Attracting a top-tier Chief Technology Officer (CTO) can be challenging at the best of times, but for tech startups – who often have limited resources, a yet-to-be-proven product-market fit, and financial instability – it can be even more so. Add tech’s ongoing talent shortage to the mix, and it’s easy to see why CTO-aaS is...

The Importance of SBOM and CVE in Medical

Diego Buffa • 18th November 2023

This article explores the critical landscape of medical device cybersecurity, focusing on the IMDRF’s “Principles and Practices for Medical Device Cybersecurity.” It advocates for a holistic approach throughout the product life cycle, with particular emphasis on the vital role of the Software Bill of Materials (SBOM). The article addresses the FDA’s stringent postmarket vulnerability reporting...

AI powered fused spurs unveiled by measurable.energy

Diana Kamkina • 15th November 2023

measurable.energy, experts in eliminating wasted energy, are proud to announce the launch of their latest innovation – fused spurs. This highly anticipated addition to their product line is set to transform the landscape of energy management in construction and commercial buildings.

AI powered fused spurs unveiled by measurable.energy

Diana Kamkina • 15th November 2023

measurable.energy, experts in eliminating wasted energy, are proud to announce the launch of their latest innovation – fused spurs. This highly anticipated addition to their product line is set to transform the landscape of energy management in construction and commercial buildings.

Technology for a Sustainable Tomorrow

Mark Robison • 09th November 2023

We currently face the critical challenge of reducing carbon emissions in an effort to reach net zero targets. This is the challenge of our lifetime and for many more generations to come. Fortunately, this challenge has ushered in a new era of innovation, where technology plays a leading role in creating a sustainable future.

Preparing UK Businesses for the Coming PSTN Switch Off

Chris Wade • 01st November 2023

The PSTN Switch Off will require a robust framework of action as all business sectors will be impacted. In order to stay ahead of this significant change, businesses must start considering new, digital alternatives such as VoIP based communication technology.

Dark Fibre’s Role in Supercharging Edge Data Centers

Sean Lowry • 18th October 2023

In response to Proximity Data Centre’s e-book, Glide’s CTO, Sean Lowry explores the impact of low latency on gaming, the Metaverse, and AI. He explains how dark fibre and Glide’s “Fibre Cities” are primed to support the evolving needs of edge data centres and seamless connectivity.