What you need to know about double extortion ransomware attacks

November 18th, 2020


It has been a few years since ransomware rose to global infamy with the spate of attacks like WannaCry and NotPetya in 2017, but that’s not to say the threat has gone quiet. In fact, ransomware remains one of the most prolific cyberattack methods, simply because it’s one of the easiest and most profitable to carry out.

What is a double extortion ransomware attack?

Cybercriminals are stepping up their game by deploying double extortion tactics to pressure victims into paying up. Aside from just encrypting their files to make them inaccessible, they’re now also threatening to leak confidential data if their demands aren’t met. These double extortion tactics first started appearing in late 2019, becoming an increasingly common trend through 2020.

Not only are purveyors of ransomware using more sophisticated and multipronged methods to exploit their victims, but they’re also increasing the scale at which they launch attacks. Instead of focusing primarily on low-value targets like individuals and small businesses, they’re now turning their attention to large enterprises and even government and healthcare facilities.

Security experts refer to these attacks as double extortion because they use a combination of ransomware and a data breach, which is potentially far more profitable than encryption-based malware. After all, most companies have strict policies in place regarding keeping data safely backed up off-site, where it can’t easily be targeted by a ransomware attack. As long as you have a recent backup of any data encrypted during a regular ransomware attack, it should be easy enough to mitigate the threat without caving in to the criminal’s demands.

Unfortunately, double extortion ransomware is potentially a far more serious threat simply because, for most companies, having their sensitive data disclosed publicly is usually far worse than losing it entirely. This makes it all the more likely that victims will pay up.

How can you protect against ransomware attacks?

As with most other forms of malware, ransomware usually makes its way onto a system via a social engineering scam. Common tactics include malicious attachments or links to malicious downloads and websites in emails and chat messages purporting to be from someone the recipient knows. Because these threats depend on exploiting human ignorance and unpreparedness, the only real way to guard against them is through proper security awareness training.

However, ransomware may also spread in other ways, such as by exploiting vulnerabilities in outdated or poorly designed software. This is why current defenses matter: most ransomware will be blocked instantly if you’re using the latest anti-malware controls, firewalls, and operating system updates. Other methods include injecting malicious code by way of man-in-the-middle attacks or executing malicious scripts or macros in documents.

With the right combination of employee education, endpoint protection, data encryption, and a robust backup strategy, you should be able to greatly reduce the chances of a ransomware attack getting through. While there’s no such thing as a 100% secure network, the right combination of people, policy, and technology can reduce the risk to a minimum.

How can you mitigate the impact of an attack in progress?

No matter how secure your computing environment, you need to prepare for the worst-case scenario. That means you need an emergency response plan just in case you do get hit by a ransomware attack or other incident. For many organizations, this is also a legal requirement.

If a double extortion ransomware attack is discovered on any of your systems, the first thing to do is isolate any potentially affected systems and disconnect them from the network. You cannot afford to take the risk of the malware spreading and potentially compromising more data. You’ll then need to conduct an in-depth vulnerability assessment and enlist the help of an expert cybersecurity consultant and remediation specialist if you don’t have the required expertise in house.
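
As an added illustration (not part of the original article), the Python below triages host telemetry to list the systems to isolate and to separate hosts that were only encrypted from hosts where data also left the network, which is the case a backup cannot fix. The event format, thresholds, host names and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them to your own environment's baseline.
EGRESS_BYTES = 500 * 1024**2      # 500 MiB sent to external addresses
WRITE_BURST = 200                 # files rewritten within one minute
LOOKBACK = timedelta(hours=72)    # window in which data theft precedes encryption

# Constructed sample events: (ISO time, host, kind, value)
EVENTS = [
    ("2020-11-16T01:10", "fs01", "egress", 900 * 1024**2),
    ("2020-11-17T23:40", "fs01", "file_writes", 4200),
    ("2020-11-17T23:42", "ws17", "file_writes", 650),
    ("2020-11-17T09:00", "db02", "egress", 2 * 1024**3),
    ("2020-11-17T10:00", "ws03", "file_writes", 35),          # normal activity
    ("2020-11-10T02:00", "ws17", "egress", 800 * 1024**2),    # outside lookback
]

def triage(events):
    """Return {host: label} for every host showing a suspicious signal."""
    egress, bursts = defaultdict(list), {}
    for ts, host, kind, value in events:
        t = datetime.fromisoformat(ts)
        if kind == "egress":
            egress[host].append((t, value))
        elif kind == "file_writes" and value >= WRITE_BURST:
            bursts[host] = min(t, bursts.get(host, t))   # keep the first burst
    labels = {}
    for host in set(egress) | set(bursts):
        burst = bursts.get(host)
        if burst is not None:
            # Bytes that left the host in the window before encryption began.
            sent = sum(v for t, v in egress[host] if burst - LOOKBACK <= t <= burst)
            labels[host] = ("encrypted+data_left_network" if sent >= EGRESS_BYTES
                            else "encrypted_only")
        elif sum(v for _, v in egress[host]) >= EGRESS_BYTES:
            labels[host] = "data_left_network_only"
    return labels

def hosts_to_isolate(labels):
    """Every labelled host is isolated; hosts with both signals come first."""
    rank = {"encrypted+data_left_network": 0, "encrypted_only": 1,
            "data_left_network_only": 2}
    return sorted(labels, key=lambda h: (rank[labels[h]], h))

if __name__ == "__main__":
    result = triage(EVENTS)
    for host in hosts_to_isolate(result):
        print(host, result[host])
```

Hosts labelled `encrypted_only` can be recovered from backup once cleaned, while any label containing `data_left_network` means the incident has to be handled as a data breach as well.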

Finally, paying the ransom is never a good idea, although it’s impossible to give a definitive answer, since it depends on the importance of the data and the bargaining abilities of the criminals. But in the end, the best way to deal with ransomware is by prevention and mitigation.

HERO Managed Services provides limitless IT services and dependable support to help you run a more secure and productive business. Get in touch today to schedule a free consultation.
