New tactics spotted by security researchers at Check Point indicate a growing pattern of ransomware gangs using additional extortion tactics to increase revenues and ensure payment.
It’s bad enough that you’ve been hit by ransomware. Your operations are down, data and systems are inaccessible, and the pressure’s on to either pay the ransom or recover the impacted environment quickly. The bad guys are keenly aware of how their victims are preparing themselves for an attack and have been looking for ways to increase their chances of getting a payout for their efforts.
It started a year and change ago with Maze ransomware exfiltrating data and threatening to publish it if the ransom was not paid. Now 70% of all ransomware attacks include this tactic.
Apparently, that’s not good enough for the bad guys.
According to new data from Check Point, more ransomware gangs are taking an additional third step as part of the attack in an effort to maximize their potential revenues, an approach dubbed triple threat extortion. In some cases the triple threat involves calling victims and contractors to make sure the ransomware attack can’t be kept quiet. Check Point also mentions a therapy clinic that had been hit by ransomware, whose customers were then extorted directly: pay small sums or have their session notes published.
And this is just the beginning. As the bad guys continue to innovate, you should expect new and creative ways for them to look beyond the now two-pronged approach of encryption and extortion to also include some additional third factor. This factor either increases the chances you’ll pay a ransom or creates a new source of revenue for the bad guys.
Phishing remains a top initial attack vector for ransomware attacks, so putting Security Awareness Training in place to educate your users about current email-based threats will help to reduce the attack surface and minimize the risk of a successful attack.