With 2021 being the “testing ground” for ransomware extortion, 2022 is showing signs of ransomware gangs settling in on proven extortion tactics to ensure payment.
Last year, we watched as ransomware gangs attempted every type of extortion tactic under the sun, including sending ransom attack notices to the printers within a victim organization. And like any “industry” that’s trying to find its’ feet, eventually they will figure out what works and what doesn’t, using the most effective combination of extortion tactics to get the result they want – taking their victims for as much money as possible.
New survey data from security vendor Venafi paints a clear picture of how extortion is not just a mainstream tactic, but that using multiple forms in a single attack is now commonplace and even extend to a victim organization’s customers:
- 83% of all successful ransomware attacks include double and triple extortion
- 38% of ransomware attacks threatened to use stolen data to extort customers
- 35% of ransomware attacks threatened to expose stolen data on the dark web
- 32% of attacks threatened to directly inform the victim's customers of the data breach incident
Additionally, the Venafi data also demonstrates that ransomware attacks definitely aren’t over once you pay the ransom:
- 18% of victims who paid the ransom still had data exposed on the dark web
- 8% of victims who refused to pay the ransom had attackers attempt to extort their customers
- 35% of victims paid the ransom but were still unable to retrieve their data
The takeaway here is that you can’t assume ransomware gangs are going to play fair – both during and after an attack. So, the best medicine is to proactively stop attacks before they start. Security Awareness Training plays an important role in stopping attacks that rely on social engineering tactics on the web and within email to trick their victims into engaging with malicious content. By educating them on the schemes, tricks, and campaigns cybercriminals use, users become vigilant and fall for these initial attacks, killing the chances of a successful ransomware attack entirely.