What is Double Extortion Ransomware?

Ransomware attacks aimed at governments worldwide rose by a whopping 1,885% in 2021, indicating that it is one of the most prominent security threats. The spike results from security being relegated to a secondary position in a rush to embrace digital technologies in the aftermath of the pandemic-driven disruptions. 

While attempts to bridge the gap in security are experiencing a newfound interest, malicious agents are evolving new techniques to match the progress. One of the hackers' more sophisticated attack techniques is double extortion ransomware. Reports suggest double extortion ransomware attacks surged 935% between 2020 and 2021. 

The spike in ransomware attacks has prodded Chief Security Officers worldwide to make it a top priority; in Canada, 35% of companies plan to set up improved security measures. However, double extortion ransomware will likely pose serious threats to businesses in 2022 and beyond despite the efforts to combat it. 

What is double extortion ransomware?

Double extortion ransomware is also known as pay-now-or-get-breached or name-and-shame ransomware. This ransomware gets its name from the way it operates. In double extortion ransomware attacks, hackers exfiltrate the victim's data in addition to encrypting their files. Later, the attackers threaten to publish the data publicly if the ransom is not paid.

Here is how it works:

  • Infect a target system

  • Steal sensitive files and information

  • Encrypt all files on the system 

  • Make the first ransom demand in exchange for allowing access to the files 

  • Make the second ransom demand by threatening to leak the sensitive files

In 2019, a criminal organization named TA2102 perpetrated the first-ever double extortion ransomware attack on Allied Universal, a security staffing company. The attackers demanded US$ 2.3 million and threatened to publish the data online if the company didn't meet their demands. Since then, the number of such incidents has only grown. Tech giants like Accenture, Cognizant, and more have been victims of such attacks.

Types of double extortion ransomware families

Since the first attack in 2019 using Maze ransomware, the number of double extortion ransomware families has grown. Some are:

  • DarkSide: responsible for the Colonial Pipeline ransomware attack that shut down the main pipeline supplying 45% of fuel to the East Coast of the US

  • Egregor: over 150 attacks have been attributed to this ransomware

  • Conti: it prompted a national emergency in Costa Rica

  • DoppelPaymer (BitPaymer family): this ransomware was used to attack Mexico's state-owned oil company, costing it US$ 4.9 million

  • REvil/Sodinokibi: ransomware that exploits a software vulnerability. It is estimated to account for 14% of all ransomware attacks

Preventive measures

The biggest reasons for the increase in ransomware attacks are poor corporate security and a thriving ransomware-as-a-service affiliate market. Businesses can no longer afford to take security lightly. Companies need to stay a step ahead and deploy proactive and preventive measures to counter ransomware attacks.

Here are a few best practices to help prevent ransomware attacks:

  • Adopt a zero-trust security policy. Limit and grant access only based on identity and context and only to a minimal set of resources.

  • Identify and create enterprise-wide awareness and steps to tackle phishing scams.

  • Minimize the number of resources visible to the internet by securing access with a proxy-based brokered exchange to connect authenticated users directly to applications.

  • Identify the organization’s Vital Data Assets (VDA) and deploy capabilities to secure and restore them in case of an incident, for example by creating a failsafe copy of the data.

Wrapping up

Cyber threats are evolving and constantly changing. We have already seen basic ransomware attacks evolve to double extortion ransomware, and we are now seeing another layer of threat with triple extortion ransomware. Businesses need to be alert and take all possible measures to protect themselves against such attacks. Cybersecurity is no longer an option; it is a necessity.

The effects of a ransomware attack can be devastating for a business. Not only can it lead to loss of data, but also loss of customers and revenue. In some cases, it can even lead to bankruptcy.
