Kicking You While You’re Down: Ransomware Attacks Begin to Adopt a “Triple Extortion” Model



Ransomware Attacks Triple Extortion MethodNew tactics spotted by security researchers at CheckPoint indicate a growing pattern by ransomware gangs to use additional extortion actions to increase revenues and ensure payment.

It’s bad enough that you’ve been hit by ransomware. Your operations are down, data and systems are inaccessible, and the pressure’s on to either pay the ransom or recover the impacted environment quickly. The bad guys are keenly aware of how their victims are preparing themselves for an attack and have been looking for ways to increase their chances of getting a payout for their efforts.

It started with Maze ransomware a year and change ago with exfiltrating data and threatening to publish it if the ransom was not paid. Now 70% of all ransomware attacks include this.

Apparently, that’s not good enough for the bad guys.

According to new data from CheckPoint, more ransomware gangs are taking an additional third step as part of the attack in an effort to maximize their potential revenues, dubbed triple threat extortion. In some cases the triple threat involves calling victims and contractors to make sure the ransomware attack can’t be kept quiet. CheckPoint also mentions extortion of a therapy clinic’s customers that had been hit by ransomware by threatening customers to pay small sums or have their session notes published.

And this is just the beginning. As the bad guys continue to innovate, you should expect new and creative ways for them to look beyond the now two-pronged approach of encryption and extortion to also include some additional third factor. This factor either increases the chances you’ll pay a ransom or creates a new source of revenue for the bad guys.

Phishing remains a top initial attack vector for ransomware attacks, so putting Security Awareness Training in place to educate your users around the current email-based threats will help to reduce the attack surface and minimize the risk of successful attack.


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 22 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 21 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator

Topics: Ransomware

Subscribe To Our Blog


Cybersecurity Awareness Month Resource Kit




Get the latest about social engineering

Subscribe to CyberheistNews