The Emergence of “Triple Extortion” Ransomware Attacks

Many cyberattacks work by leveraging your own tools against you — whether that’s exploiting a vulnerability in a piece of software you use or overwhelming a server by way of an internet layer protocol that’s utilized by network devices to communicate. A ransomware attack makes this explicit. One of the most damaging malware types, ransomware bars users from accessing their systems or data and doesn’t hand back the keys until a financial penalty (a.k.a. a ransom) has been paid. In doing so, it exploits the value of a user’s system and files, and uses this to extort money.

Ransomware attacks have been around for decades. The first known ransomware attack took place in 1989, long before most people had ever used the internet. However, in the hyperconnected modern world, these attacks have become more commonplace. Unfortunately, they’ve also become more complex — and nefarious.

Ransomware attacks are evolving

In the classic type of ransomware attack, malware is used to encrypt user files, with the promise of a decryption key being provided only if the target pays out a certain amount of money (almost always in a cryptocurrency like Bitcoin). If they fail to do so before a certain deadline, their files remain inaccessible and whatever work or other material of value is contained on them is rendered unreachable.

In recent years, as ransomware attacks have surged, a second iteration of ransomware has emerged. In these “double extortion” attacks, malware is used to encrypt user files and systems, which can only be unlocked by way of a decryption key. However, the attackers also exfiltrate data from targets, which they then threaten to leak if payment is not made. In this scenario, the threat isn’t just about victims losing access to their own information; it’s compounded by the fact that others may be able to see it as well. That could cause anything from embarrassment to the potentially expensive loss of valuable assets.

In the case of both classic and double extortion ransomware attacks, attackers are banking (quite literally, given the potential money involved!) on the fact that victims will pay up because whatever amount is demanded of them is slightly less than the amount they would stand to lose if they do not regain access to their files.

A new type of ransomware

Unfortunately, like the Hollywood law of bad sequels, there’s now a third iteration of ransomware — and it’s potentially even nastier than the first two.

These “triple extortion” attacks, first spotted in late 2020, don’t just go after the owners of the data, but their customers as well. In one such attack, cybercriminals used data stolen from a Finnish psychotherapy clinic to try to extort money from both the firm and customers whose information was held on file. The attackers demanded more than $530,000 in Bitcoin from the clinic, while demanding $240 from customers in exchange for not publishing their files, which included therapy session notes, online. If they did not pay within 24 hours of the demand being made, this amount increased to upward of $600 per customer.

These attacks have the potential to take ransomware to a terrifying new level. In some of the worst data breaches, the records of hundreds of millions of customers have been leaked. For example, in 2016 more than 400 million customer records on the casual hookup and adult content site Adult Friend Finder were breached. While there was not a ransomware element to this breach, it would nonetheless likely prove embarrassing to some customers of this service to have details of their membership made public. Opportunities like this could supercharge ransomware attacks for attackers: making them potentially more lucrative and, in turn, more common and damaging.

Protect against ransomware

The best practice when threatened with a ransomware attack is never, under any circumstances, to pay the money demanded. Not only is there no guarantee that you will receive a decryption key (or, in the case of data exfiltration attacks, know that your stolen data has definitely been deleted by the thieves), but paying a ransom will only serve to highlight you as a target who may be willing to pay again in the future.

Nonetheless, the better approach is to make sure that you’re not the victim of a ransomware attack to begin with. Part of this involves good user education to protect against the likes of phishing attacks and other social engineering methods that may result in users downloading malware. However, to truly protect yourself from ransomware attack vectors, make sure you avail yourself of the right tools to keep you safe.

Threat detection systems are able to carry out real-time monitoring of systems and stop potentially questionable read/write behavior from happening. Anti-ransomware endpoint security tools like Web Application Firewalls (WAFs) can additionally help detect and block ransomware and other forms of malware before they have a chance to cause any damage.
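
One way such monitoring can flag questionable write behavior, shown as an added example that is not from the original article: a process is flagged when it writes high-entropy (encrypted-looking) content to several distinct files within a short window. The event format, thresholds, PIDs and paths are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 10      # assumed sliding window
MIN_DISTINCT_FILES = 3   # assumed threshold; tune per environment
ENTROPY_THRESHOLD = 7.0  # assumed; bits per byte, ciphertext is close to 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """Return PIDs that wrote high-entropy data to MIN_DISTINCT_FILES or more
    paths within WINDOW_SECONDS. events: (seconds, pid, path, bytes) tuples."""
    recent = defaultdict(deque)   # pid -> recent (timestamp, path) suspect writes
    flagged = set()
    for ts, pid, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue              # ordinary documents score well below 7
        window = recent[pid]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()      # drop writes that fell out of the window
        if len({p for _, p in window}) >= MIN_DISTINCT_FILES:
            flagged.add(pid)
    return flagged

# Constructed sample data: hash output stands in for encrypted file content.
HIGH = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
LOW = b"quarterly report draft\n" * 100

SAMPLE_EVENTS = [
    (0,   3010, "/backup/a.zip", HIGH),   # slow, spaced-out archive writes
    (60,  3010, "/backup/b.zip", HIGH),
    (120, 3010, "/backup/c.zip", HIGH),
    (100, 4120, "/docs/q1.txt", LOW),     # editor saving plain text
    (101, 4120, "/docs/q2.txt", LOW),
    (102, 4120, "/docs/q3.txt", LOW),
    (100, 7788, "/docs/q1.txt", HIGH),    # burst of encrypted-looking rewrites
    (101, 7788, "/docs/q2.txt", HIGH),
    (103, 7788, "/docs/q3.txt", HIGH),
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Compressed archives and media are also high-entropy, which is why the rule counts distinct files inside a time window rather than alerting on a single write.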

Unfortunately, malware attacks such as ransomware are getting more prevalent and damaging. But by investing in the right solutions, you can make sure that you’re not leaving yourself — or, in the case of the new triple extortion attacks, your customers — open to them.
