Limiting access to data, tracking relevant data that is sold on the dark web, monitoring for breaches in the supply chain, and implementing best practices are vital for maintaining safety.
Being at risk of a ransomware attack is frightening enough, but often, hackers can continue to extort the company even after the ransom has been paid and everything appears to be back to normal. Ransomware groups now demand further payments to prevent the private information they have stolen in their attacks from being disclosed, making multiple extortions more and more typical.
In a typical ransomware attack, hackers seize and encrypt sensitive information to coerce businesses into paying a ransom in exchange for the secure restoration of their data and the resumption of normal network operations. In response, CISOs strengthened their cyber defenses by segmenting their networks and maintaining secure offsite backups, but threat actors quickly learned how to bypass these measures.
Multiple Extortion Attempts
Over the past year or so, the ransomware threat scene has taken an ugly turn as attackers have realized the value that businesses place on maintaining the confidentiality of their sensitive information. Harm to a company’s brand and reputation can be just as damaging as being locked out of systems and files. As a result, when businesses were able to restore their systems following ransomware attacks, whether successful or unsuccessful, hackers started threatening to disclose sensitive information as a follow-up.
Due to the effectiveness of double extortion, threat actors are increasingly focusing on multiple extortions. Attackers that use triple extortion threaten to divulge information about customers and partners in order to demand more ransom payments, potentially endangering the company with fines and lawsuits.
As further evidence of the damaging impact of the data, some threat actors have even developed a search feature that enables victims to locate leaked information about clients and partners. These types of leaks not only increase the cost of the ransom for the victims, but they also serve as a strong warning to those who believe they can avoid paying the ransom.
Preventing Multiple Extortion Attempts
The first step for CISOs who want to take a more proactive approach to protect their companies from such multiple extortion events is to monitor for breaches within their business relationships and supply chains while keeping an eye on relevant data that is made public in breach dumps or sold on the dark web.
Regular backup procedures offer a powerful first line of defense against a typical ransomware attack, but backups by themselves are no longer sufficient. Threat actors will attempt to corrupt the backups and threaten future leaks because they are aware that backups are a common way to evade payment. Offline backups are therefore now necessary, because it is no longer safe to rely on systems that are connected during an incident.
The issue with multiple extortion efforts is that even if the pay-for-decryption scheme is unsuccessful, threat actors may still be able to get access to confidential data and threaten to disclose it. These attacks show how important it is to secure the most critical data first.
Defending Against Multiple Extortion
Ensuring that threat actors can’t access confidential data is the only real defense against multiple extortions.
Organizing confidential data into categories should be the first priority in order to prevent hackers from stealing the most valuable items from the vault, even if they manage to get past the initial lines of defense. Limit who has access to data and which tools can interact with it directly as part of the supervision process. The fewer entry points there are, the easier it is to safeguard the data.
Any business might suffer greatly from the debilitating repercussions of a ransomware attack. The larger attack surface that affects the extended ecosystem of consumers, partners, and investors has raised the stakes significantly, though. All enterprises must therefore create a strategy to safeguard their data and secure themselves not just from the initial ransomware attacks but also from multiple extortion attempts.