Blog

Back to all articles

Double Ransomware Extortion

|

https://pixabay.com/vectors/malware-ransomware-scam-fraud-7020225/

In parallel with Internet and technology development, there is an increase in cyberattacks. Each time, cybercriminals develop new, more complex and dangerous ways to use networks and servers. Double extortion ransomware attacks first appeared in 2020. Now it’s a serious threat to the largest companies and organizations. Its actions can lead to devastating consequences. Therefore, to ensure the safety of the company is a high priority.

Ransomware is malware that steals data, encrypts it, and then demands a ransom for it. The ransom amount can range from hundreds to millions of dollars. Basically, the payment of the ransom is required in cryptocurrency.

Learn more about ransomware here

Double ransomware extortion is a new level of «traditional» ransomware attack. In this case, the cybercriminal also uses the victim’s data, files, server, etc., encrypts them and demands a ransom for them. However, in the double extortion case, the cybercriminal threatens to publish/sell the victim’s sensitive data on the dark web if the ransom is not paid within the specified time frame. Backups can help in the matter of data recovery, but the damage from getting confidential information to the dark web doesn’t reduce.

Typically, attackers target medical facilities, schools and other educational institutions, legal organizations, etc., where a large amount of confidential information is stored. The compromise of such data can completely destroy both organizations and people. This is what makes double extortion attacks so dangerous.

Ways to gain access to confidential data:

The most popular programs for double-ransomware extortion are:

  1. Netwalker Ransomware – malware for the Windows operating system that encrypts and moves data and requires a ransom;
  2. Egregor Ransomware – the program breaks into confidential data, encrypts it and demands a ransom payment for it within 3 days. Also, some of the data is published on the darknet as evidence that criminals have data;
  3. Ransomware as a service (RaaS) is a subscription-based ransomware model for affiliates. Partners use a set of tools to carry out an attack, and if successful, receive a percentage of the ransom;
  4. Sodinokibi (Ransomware Evil) – ransomware that encrypts data and then deletes the ransom message;
  5. Conti – a rather dangerous type of attack due to the speed of encryption, it spreads very quickly and infects other systems.

The sequence for performing a double ransomware attack is:

Cybercriminals don’t follow ethical norms and rules. If the victim refuses to pay the ransom, there will definitely be consequences. But even if the ransom is paid on time, there is no guarantee that the data will be fully and safely returned to the legal owner. Attackers don’t care whose lives or companies they destroy. They have their own interest, which must be satisfied.

How to prevent this type of attack:

Previous Post Next Post

Related posts

The Rumsfeld Matrix as an effective tool in the decision-making process

During a briefing on the Iraq War, Donald Rumsfeld divided information into 4 categories: known known, known unknown, unknown known, unknown unknown. ...

Read more

AI and ML impact on Data Science

Artificial Intelligence and Machine Learning have contributed to the advancement of data science. These technologies help data scientists conduct anal...

Read more

Artificial Intelligence for data analytics

Artificial Intelligence is widely used in many applications, including for data analytics. AI is used to analyze large data sets that allows to obtain...

Read more
GoUp Chat