Single, Double and Triple Ransomware

The Rise of Ransomware Attacks:

Ransomware attacks are a common form of cybercrime that has gained traction in recent years. Threat actors have become more sophisticated and victims continue to pay ransom demands, and the end of this scourge is nowhere in sight.

Companies have adapted to the growing threat of ransomware by raising employee awareness of scareware attacks and implementing tighter security measures to mitigate the loss of data (more frequently updated off-site and air-gapped data backups, for example). It has helped, but threat actors are undeterred. In fact, they have started building additional layers of extortion into their attacks.

Introducing double and triple extortion ransomware attacks.

What are Single, Double, and Triple Extortion Ransomware Attacks?

Traditional ransomware attacks are based on the premise that once the victim pays the ransom, they will regain access to their data and the systems that house it. These attacks target critical data needed for everyday business as well as other digital targets that can destroy the functionality of entire servers or networks. Most cyber professionals and law enforcement say it’s best not to pay threat actors, but many targets do, which has contributed to the growth of this trend.

Double extortion attacks involve first extracting data that can be leveraged and then encrypting crucial files and data. This tactic arose in response to businesses backing up data, thereby reducing the threat of a traditional ransomware attack. The threat actor takes this additional step so they can extort money to resolve two different problems: the possibility of the stolen data becoming public and the need to undo the encryption. The data may include personally identifiable customer data or intellectual property. The added threat of exposing sensitive customer, personnel, or financial data increases pressure on the victim, making it harder for a target to decline the extortion demand and more likely that they will pay the ransom.

In triple extortion attacks, the threat actor pulls out all the stops: they might target and demand ransom from vulnerable third parties, like an organization’s clients or suppliers; they may also threaten to launch a DDoS attack, sell sensitive information or directly leak sensitive information to the media. Essentially, the criminal employs multi-layered ransomware demands in an attempt to place pressure on the target and force them to pay.

Preventing Double or Triple Extortion Ransomware Attacks:

As with all forms of cybercrime, we are all at risk. When it comes to double or triple extortion ransomware attacks, companies and organizations that store sensitive customer data or have valuable intellectual property, such as financial companies, healthcare and government organizations, are at higher risk. When it comes to any form of ransomware attack, traditional or multilayered, the best protection is prevention:

  • Regularly update security tools and software to patch security flaws, including web application firewalls and ransomware detection solutions.
  • Educate employees about ransomware threats and best practices.
  • Back up critical systems and data to protect against a ransomware attack that hijacks your access to critical systems or disrupts functionality.
  • To protect against double extortion attacks, encrypt all mission-critical data so it will not be readable by third parties.