
Double Ransomware Extortion


As the Internet and related technology develop, cyberattacks increase with them. Cybercriminals keep devising new, more complex and more dangerous ways to abuse networks and servers. Double extortion ransomware attacks first appeared in 2020 and are now a serious threat to even the largest companies and organizations, with potentially devastating consequences. Protecting the company against them is therefore a high priority.

Ransomware is malware that steals data, encrypts it, and then demands a ransom for it. The ransom amount can range from hundreds to millions of dollars, and payment is usually demanded in cryptocurrency.


Double ransomware extortion is the next level of the "traditional" ransomware attack. As before, the cybercriminal takes the victim's data, files, servers, etc., encrypts them and demands a ransom. In the double extortion case, however, the cybercriminal also threatens to publish or sell the victim's sensitive data on the dark web if the ransom is not paid within the specified time frame. Backups can help with data recovery, but they do nothing to reduce the damage caused by confidential information reaching the dark web.

Attackers typically target medical facilities, schools and other educational institutions, legal organizations, and similar bodies that store large amounts of confidential information. The compromise of such data can ruin organizations and individuals alike. This is what makes double extortion attacks so dangerous.

Ways to gain access to confidential data:

The most common programs used for double ransomware extortion are:

  1. Netwalker Ransomware – malware for the Windows operating system that encrypts and exfiltrates data and demands a ransom;
  2. Egregor Ransomware – the program breaks in to reach confidential data, encrypts it and demands a ransom payment within 3 days. Some of the data is also published on the darknet as proof that the criminals hold it;
  3. Ransomware as a service (RaaS) – a subscription-based ransomware model for affiliates. Affiliates use a ready-made toolkit to carry out an attack and, if it succeeds, receive a percentage of the ransom;
  4. Sodinokibi (Ransomware Evil) – ransomware that encrypts data and then deletes the ransom message;
  5. Conti – a particularly dangerous type of attack because of its encryption speed; it spreads very quickly and infects other systems.

The sequence for performing a double ransomware attack is:

Cybercriminals don't follow ethical norms or rules. If the victim refuses to pay the ransom, there will certainly be consequences. But even if the ransom is paid on time, there is no guarantee that the data will be fully and safely returned to its legal owner. Attackers don't care whose lives or companies they destroy; they have their own interests, and those come first.

How to prevent this type of attack:
