Ransomware with an Extra Layer of Double Extortion
July 8, 2020

Ransomware is nothing new. In fact, it has been around since 1989. This strategic malware really spiked in popularity with the rise of cryptocurrency, which allows funds to be exchanged anonymously. Businesses with unsecured networks and often poor backups have been forced to pay large sums in cryptocurrency such as Bitcoin. In addition to the direct ransom, billions of dollars have been paid worldwide in system cleanup, regulatory compliance fines, customer communications, and data recovery costs from ransomware attacks.

Some of the most notable recent strains of ransomware include WannaCry, Locky, Petya, LockerGoga, Ryuk, GandCrab, Sodinokibi, Tutanota, and Estemani. Some of these are particularly known for extremely high ransoms (in the millions) and are highly targeted at organizations such as hospitals, local governments, financial institutions and law firms. Some of these executable files have even disguised themselves as “ransomware removal tools” that end up infecting your machine even further.

Ransomware operators have tweaked their tactics in order to speed up payment:

  • Expiring Email Address: Often an email address is provided that has an expiration date. After that date, the cybercriminals claim they can no longer be contacted.
  • Double Extortion: In cases of double extortion, extra pressure is added by stealing a portion of the data and then putting it up for sale on the dark web. If the ransom isn’t paid, the criminals go through with the transaction.
  • Threat to Delete Files: Along with having to pay a ransom, the victim is asked to meet unrealistic deadlines, such as payment within 24 hours. If payment is not made within the allotted time, a portion of the files is permanently deleted. As more time passes, the number of files deleted grows exponentially.

As cybersecurity experts who block these attacks daily, we have put together a checklist of the top proactive strategies to prevent your organization from being caught in this situation.

In this whitepaper, we will cover strategies SMBs and enterprises can implement to minimize the threat of a ransomware attack. Many of these tips also overlap with NIST and CIS recommendations. Identifying cybersecurity vulnerabilities, whether in the cloud or on-premise, is key to securing any network. This is also a great resource to take to your Managed Service Provider or IT team to confirm you’ve covered all of your bases. Your network may be missing some key layers such as backup, endpoint, or even a SIEM.

Get the Top 8 Proactive Strategies to Prevent Ransomware here.
