Ransomware is still all over the place – attacks are up 62% globally and 158% in North America since 2019. But ransomware-only attacks have mostly been replaced by more sophisticated – and ruthless – attacks.
In a traditional ransomware attack, a cyber criminal finds a way onto business networks (often with stolen usernames and passwords) and runs software that encrypts all accessible files on the networks. The software then directs the victims to pay for a decryption key. If the victims pay, they might get their data back. If they don’t pay, the files are deleted permanently.
Anyone with some basic network expertise, a couple hundred dollars and a few hours to spare can use ransomware. A ransomware package sells for less than $150 on the dark web, and stolen credentials go for less than $5.
There are so many criminal groups using ransomware out there that most businesses are taking at least basic protections against it. The ransomware market is getting crowded, and each criminal has fewer targets.
Double Extortion Attacks
In a double extortion attack, cybercriminals employ a two-pronged strategy to increase their leverage and chances of extracting a ransom payment from their victims. This strategy involves not only encrypting the victim’s data but also threatening to release sensitive or confidential information stolen from the victim’s systems.
Unfortunately, it’s working out for cyberthieves anyway, because they’re getting smarter about how to demand high fees from their victims. To keep revenues up, cybercriminals are starting to do a lot more than running a piece of software once they get into business networks. Once they get into a network, they’re downloading all the data they can access and examining it.
What they’re looking for is how to inflict maximum pain on a business and its customers and vendors. Are there tax records? Personnel records? Financial account information? Are there embarrassing emails sent to or from your employees? They aren’t just looking to delete your files – they’re hoping to find data they can threaten to share publicly.
Only once they have an extortion plan will they activate the ransomware, which is the final phase of attack. After you see that your files are encrypted, they also reach out and tell you what they found on your network.
This type of attack is growing rapidly. It emerged in 2019, and only two years later 70% of ransomware attacks are including this so-called ‘double extortion’ attack.
How To Prevent
Strong password policies and user education on phishing attacks can make it less likely that cybercriminals will gain access to your network, but the reality is that nothing can fully prevent it. That’s why it’s so important for companies to have software examining data transfers on their networks and making sure that nothing suspicious is happening. If one of your users is logged in to your network from a state (or country) they’ve never visited before, and they’re attempting to download unusually large amounts of data, that’s an immediate red flag. If nobody is looking for that red flag, unfortunately, nobody’s likely to find it until it’s too late.