Ransomware is still all over the place – attacks are up more than 20% in 2020.  But a ransomware-only attack is quickly being replaced by more sophisticated – and ruthless – attacks.

In a traditional ransomware attack, a cyber criminal finds a way onto business networks (often with stolen usernames and passwords) and runs software that encrypts all accessible files on the networks.  The software then directs the victims to pay for a decryption key.  If the victims pay, they might get their data back.  If they don’t pay, the files are deleted permanently.

Anyone with some basic network expertise, a couple hundred dollars and a few hours to spare can use ransomware in 2020.  A ransomware package sells for less than $150 on the dark web, and stolen credentials go for less than $5.

There are so many criminal groups using ransomware out there that most businesses are taking at least basic protections against it.  The ransomware market is getting crowded, and each criminal has fewer targets.

Enter the Double Extortion Attack

Unfortunately, it’s working out for cyberthieves anyway, because they’re getting smarter about how to demand high fees from their victims.  To keep revenues up, cybercriminals are starting to do a lot more than running a piece of software once they get into business networks.  Once they get into a network, they’re downloading all the data they can access and examining it.

What they’re looking for is how to inflict maximum pain on a business and its customers and vendors.  Are there tax records?  Personnel records?  Financial account information?  Are there embarrassing emails sent to or from your employees?  They aren’t just looking to delete your files – they’re hoping to find data they can threaten to share publicly.

Only once they have an extortion plan will they activate the ransomware, which is the final phase of attack.  After you see that your files are encrypted, they’ll also reach out and tell you what they found on your network.

This type of attack is growing rapidly.  It emerged in 2019, and only eight months later 11% of ransomware attacks are already including this so-called ‘double extortion’ attack.

Strong password policies and user education on phishing attacks can make it less likely that cybercriminals will gain access to your network, but the reality is that nothing can fully prevent it.  That’s why it’s so important for companies to have software examining data transfers on their networks and making sure that nothing suspicious is happening.  If one of your users is logged in to your network from a state (or country) they’ve never visited before, and they’re attempting to download unusually large amounts of data, that’s an immediate red flag.  If nobody is looking for that red flag, unfortunately, nobody’s likely to find it until it’s too late.

To learn how WingSwept can help your company protect itself against modern cybersecurity threats, call us at 919-460-7011 or email us at Team_WingSwept@WingSwept.com