The
In 2019, the world saw a new method of ransomware attack: double extortion. The attack, which was carried out by a malicious group-
2020 also saw malicious groups like REvil, Ragnar Locker, and LockBit join Maze in successful and devastating attacks on enterprises. Already, more than
In a double extortion ransomware attack, malicious actors gain unauthorized access to a network, exfiltrate data, and then encrypt it, expecting a ransom payment. Unlike conventional ransomware, this method blunts the protection that backups offer: backups restore availability, but they do nothing about the copy of the data the attacker already holds. Attackers leverage the stolen data to pressure victims, going as far as publishing it or selling it to a competitor should the victim refuse to pay.
Double extortion has severe consequences when successfully executed. Victims either pay the threat actors or face regulatory penalties and public exposure of their data.
In 2022, this attack procedure is still on the rise. According to the
A double extortion ransomware attack starts quietly, with the attacker avoiding notice, and ends with overt, devastating actions such as data encryption and DDoS. The sequence begins with the attacker gaining access to the company's systems through some attack vector.
Those vectors may be human or technical: phishing, brute force against exposed Remote Desktop servers, malware, exploitation of unpatched vulnerabilities, and so on.
After gaining access, the actor performs reconnaissance and moves laterally through the network. This stage is still quiet: the actor operates under the compromised user's identity to avoid detection while locating the data and systems worth targeting.
Once the actor has located valuable data, they exfiltrate it, and only then deploy the ransomware that encrypts it. The order matters: exfiltration before encryption is what gives the attacker leverage even against a victim with good backups.
Group IB, in their report,
Enterprises risk reputational damage from data leaks and DDoS. Travelex, a foreign exchange company, saw its reputation go down the drain in the
After disrupting their services, which left customers stranded, REvil also threatened to publish exfiltrated data if the company refused to pay the ransom. The double extortion here was devastating because even if Travelex paid to restore services and prevent the leak, the breach of confidentiality and the denial of service had already damaged their reputation.
Enterprises depend on backups to avoid paying ransoms. Against double extortion, however, backups alone are far less effective: they restore the encrypted data but do nothing to prevent the leak.
Attackers leverage the exfiltrated data: breached companies must pay a ransom, often worth millions of dollars, or see their sensitive information leaked publicly. With customer or partner data exposed, they can also incur heavy regulatory fines, as was the case with
Moreover, enterprises that refuse the demands risk losing stock value when their shares are short-sold. According to the FBI's Cyber Division advisory-
Because the attackers have broad access to the enterprise network, they can also reach partner and customer data. They can then exfiltrate that data and demand ransom from the partners or customers themselves.
An example of this event was in the case of
Use of the double extortion method has tripled because of how successful it has been.
The fallout from such an incident can cost an enterprise many of its most valuable staff. According to the 2022
Enterprises large and small lose employees because they cannot afford wages after a significant loss of funds. In some cases the loss is so high because the attackers demanded two ransoms: one for the decryption key and one for not publishing the data.
In other cases it happens because their stock sinks once the breach becomes public and shares fall on exchanges like NASDAQ.
With double extortion ransomware attacks on the rise, do not wait until after an attack to act. Proactive defense is the best way to combat this threat: it may not eliminate the chance of an intrusion, but it reduces it, and it limits the loss if a breach does occur.
Enterprises often grant individuals privileged access across their network, even to the most sensitive areas. When one such account is compromised, the whole architecture is exposed to a ransomware attack.
Enterprises should adopt a zero-trust policy: treat every user, device, and service on the network, insiders included, as untrusted by default, authenticate each one before granting access, and grant only the least privilege the task requires.
Another recommendation is to segment the network so that each access grant reaches only the segment it needs. Segmentation limits lateral movement and the spread of malware.
The attacker's pressure point in this chain is that they hold a copy of your data and can publish it if you refuse to pay. Enterprises can be one step ahead by encrypting sensitive data at rest from the start.
If the attacker exfiltrates only ciphertext, the stolen copy is worthless to them and the leak threat loses its force; the worst they can do is encrypt your already-encrypted data. The caveat is key management: this only holds if the decryption keys are not reachable with the credentials the attacker has compromised. Data that is transparently decrypted for any logged-in user, as with whole-disk encryption on a running server, offers no protection against an attacker operating as that user.
Double extortion has made offline backups look like a weaker mitigation. Nonetheless, offline backups remain essential, and combined with encryption at rest they cover both halves of the threat: encryption blunts the leak, and when the attackers encrypt your data you restore it from the offline copy, which they cannot reach or tamper with.
The COVID-19 pandemic saw remote work skyrocket. More employees now reach sensitive networks from home networks and personal routers. While this makes life easier for workers, it widens the attack surface for their employers.
Attackers exploit the lack of awareness of some employees. Employees can be an unintentional threat, but training reduces that risk. The recommendation is for enterprises to step up internal awareness of ransomware attacks, the phishing lures that start them, and their consequences.
Enterprises can assess weaknesses in their network in two ways, depending on the size of their infrastructure: a vulnerability assessment, or an attack simulation by a penetration tester. Either will surface the security gaps and misconfigurations that make an attack easy.
It is also critical to patch vulnerabilities promptly and apply security updates, or the assessment is wasted, as it was in the case of Travelex. Before the REvil attack, Kevin Beaumont, a security researcher, stated that
Enterprises can monitor network traffic and host activity with tools that alert on unusual behavior. By watching the logs for the signs of each stage (a burst of failed remote logins, an unusually large outbound transfer, a flood of file renames), you can spot an attack early and cut it off before it escalates.
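As an added example (not from the original article, and not any vendor's tool), the Python script below runs three simple detectors over constructed log lines, one per stage described above: a brute-force burst against a remote desktop host followed by a successful logon, an unusually large outbound transfer to an address outside the internal ranges, and a burst of file renames to a single new extension on one host. The log format, host names, IP addresses, internal ranges and thresholds are all assumptions chosen for illustration.

```python
# Added example, not from the original article. Three log detectors for the
# stages of a double extortion attack. Log format, hosts, addresses, internal
# ranges and thresholds are constructed assumptions; tune them to your estate.
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import os

# Constructed sample logs (not real telemetry), one "ts key=value ..." per line.
AUTH_LOG = """\
2022-03-01T08:00:01 host=rdp01 event=logon_failed user=admin src=203.0.113.7
2022-03-01T08:00:03 host=rdp01 event=logon_failed user=admin src=203.0.113.7
2022-03-01T08:00:04 host=rdp01 event=logon_failed user=admin src=203.0.113.7
2022-03-01T08:00:06 host=rdp01 event=logon_failed user=admin src=203.0.113.7
2022-03-01T08:00:08 host=rdp01 event=logon_failed user=admin src=203.0.113.7
2022-03-01T08:00:09 host=rdp01 event=logon_failed user=admin src=203.0.113.7
2022-03-01T08:00:15 host=rdp01 event=logon_success user=admin src=203.0.113.7
2022-03-01T08:30:00 host=rdp01 event=logon_failed user=jsmith src=10.0.0.44
"""
NET_LOG = """\
2022-03-01T09:10:00 host=fs01 dst=10.0.0.5 bytes_out=120000
2022-03-01T09:11:00 host=fs01 dst=198.51.100.20 bytes_out=2500000000
2022-03-01T09:12:00 host=fs01 dst=8.8.8.8 bytes_out=512
"""
FILE_LOG = """\
2022-03-01T10:00:00 host=fs01 event=rename path=/share/q1.xlsx new=/share/q1.xlsx.locked
2022-03-01T10:00:01 host=fs01 event=rename path=/share/q2.xlsx new=/share/q2.xlsx.locked
2022-03-01T10:00:01 host=fs01 event=rename path=/share/contracts.docx new=/share/contracts.docx.locked
2022-03-01T10:00:02 host=fs01 event=rename path=/share/payroll.csv new=/share/payroll.csv.locked
2022-03-01T10:00:02 host=fs01 event=rename path=/share/board.pptx new=/share/board.pptx.locked
2022-03-01T10:00:03 host=fs01 event=rename path=/share/plan.pdf new=/share/plan.pdf.locked
2022-03-01T10:05:00 host=ws07 event=rename path=/home/u/notes.txt new=/home/u/notes.old
"""

# Assumed internal address plan (RFC 1918); listed explicitly rather than
# relying on ipaddress.is_private, which also treats documentation ranges as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(text):
    """Turn 'ts k=v k=v ...' lines into dicts with a datetime under 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = {"ts": datetime.fromisoformat(ts)}
        for field in fields:
            key, _, value = field.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def _burst(times, threshold, window):
    """True if at least `threshold` timestamps fall inside some `window`."""
    times = sorted(times)
    for i in range(len(times)):
        j = i
        while j < len(times) and times[j] - times[i] <= window:
            j += 1
        if j - i >= threshold:
            return True
    return False


def detect_bruteforce(text, threshold=5, window=timedelta(minutes=1)):
    """Stage 1: many failed logons from one source against one host.
    Returns (host, src, failure_count, followed_by_success) per alert."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ev in parse(text):
        key = (ev["host"], ev["src"])
        if ev["event"] == "logon_failed":
            failures[key].append(ev["ts"])
        elif ev["event"] == "logon_success":
            successes[key].append(ev["ts"])
    alerts = []
    for (host, src), times in failures.items():
        if _burst(times, threshold, window):
            # A success after the burst means the password was guessed.
            landed = any(t > max(times) for t in successes[(host, src)])
            alerts.append((host, src, len(times), landed))
    return alerts


def detect_exfil(text, max_bytes=500_000_000):
    """Stage 2: a single large outbound transfer to a non-internal address."""
    alerts = []
    for ev in parse(text):
        dst, sent = ipaddress.ip_address(ev["dst"]), int(ev["bytes_out"])
        if sent > max_bytes and not any(dst in net for net in INTERNAL_NETS):
            alerts.append((ev["host"], ev["dst"], sent))
    return alerts


def detect_mass_rename(text, threshold=5, window=timedelta(minutes=5)):
    """Stage 3: a burst of renames to one new extension on one host, the
    footprint of a ransomware binary encrypting a share file by file."""
    renames = defaultdict(list)
    for ev in parse(text):
        if ev.get("event") == "rename":
            renames[(ev["host"], os.path.splitext(ev["new"])[1])].append(ev["ts"])
    return [(host, ext, len(ts)) for (host, ext), ts in renames.items()
            if _burst(ts, threshold, window)]


if __name__ == "__main__":
    print("brute force:", detect_bruteforce(AUTH_LOG))
    print("exfiltration:", detect_exfil(NET_LOG))
    print("mass rename:", detect_mass_rename(FILE_LOG))
```

Each detector returns its alerts rather than only printing them, so the same functions can be wired into a scheduled job or a SIEM correlation rule. The brute-force detector is the one to prioritise: a burst of failures that ends in a success is the moment the attacker gains the foothold described at the start of the attack sequence, well before any data leaves the network.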
While enterprises and cybersecurity professionals do their best to secure their infrastructure, ransomware attackers keep raising the stakes.
Beyond double extortion, ransomware attackers now use triple and quadruple extortion, adding further pressure such as DDoS against the victim or direct ransom demands to the victim's customers and partners. Cybersecurity professionals must keep their knowledge and skills current to combat this.
Enterprises, too, should be more deliberate about their security posture, adopting current security practices and implementing them across the organization.