According to the new Ransomware Prevention Special Report from SANS, ransomware continues to be one of the most prevalent and destructive threats to enterprises and governments globally.[i] In 2019, ransomware cost $11.5 billion, with a business attacked every 14 seconds.[ii] Claims for ransomware attacks rose to 41% of all cyber insurance claims in the first half of 2020.[iii] These numbers may not surprise you, but the root cause may. Double extortion—the hacker’s new modus operandi for ransomware—is a sure-fire way of securing fat ransoms. And you may not like to believe it, but double extortion attacks can kibosh the best-designed recovery plans.
What is Double Extortion and why are these attacks increasing?
When organizations stepped ahead of their attackers by restoring from backups to avoid paying ransom, hackers were quick to innovate. Notorious ransomware gangs such as Maze and DoppelPaymer started launching double extortion attacks. By exfiltrating data from hacked networks before encrypting it, attackers can now threaten to leak sensitive data and render backups useless. The University of Utah recovered its data from backups, had its systems running, and still had to pay ransom to stop hackers from leaking student data.[iv] Though REvil was the first to launch double extortion attacks,[v] others were swift to imitate the new-found method because giving victims an additional reason to pay ransom maximizes profits.
Double Extortion attacks are a double whammy
Can organizations trust hackers not to leak their data? Worse, buying double extortion assurance comes at a much higher cost – six times the average of previous ransomware cases.[vi]
Building a shield against Double Extortion attacks
Double extortion attacks are quick-spreading, highly interruptive, and expensive. Follow this path to put the odds in your favor:
- Buy a cyber insurance policy that covers Double Extortion attacks. Make cyber insurance an integral part of your cyber strategy, even if you are not mandated to do so. All organizations should assess the risk and have an insurance policy in place that covers losses incurred in a ransomware attack.
- Make Zero Trust an integral part of your cyber strategy: Zero Trust reduces the attack surface and impact using various technological approaches such as identity validation, privilege management, and browser isolation. Secure your attack surface by closing the entry points to threats. Learn more about the right Zero Trust solutions for your cyber strategy in Cyberinc’s whitepaper ‘Zero Trust: Reimagining Security for the Financial Services Industry.’
- Have a plan to respond to a Double Extortion attack and test it: Prepare for a scenario where you have to explain the attack to customers, suppliers, regulators, police, insurers, and the media. The major areas to consider are backup and recovery processes and whether to pay the ransom demand. See the drilldown on ransomware payoffs and cyber recovery plans in this post of SANS NewsBites.
Rajiv Raghunarayan is the Senior Vice President of Products and Marketing at Cyberinc and heads the product management, marketing and strategic alliances functions. Rajiv has more than two decades of experience in technology and marketing leadership positions at companies such as SentinelOne, FireEye and Cisco. His past experience includes areas of network security, email security, endpoint security, network management and WAN optimization. He holds a master's degree in software systems from Birla Institute of Technology, Pilani, and an MBA from UC Berkeley's Haas School of Business.