
Disturbing Ransomware Trends: Triple Extortion

2021-07-12
Ransomware has become such a popular activity that competing ransomware groups are one-upping each other, coming up with new and creative ways of using the malicious viruses to make more money and cause new damage. We see this trend at work with the recent Colonial Oil pipeline ransomware attack, where the operators actually issued an apology for the trouble they caused the citizens of the USA. Their attack had obviously gotten away from them, meaning less skilled operators are carrying out some of the biggest ransomware attacks in the world.

The number of ransomware attacks against enterprises has more than doubled since 2020, with healthcare and utilities the primary targets. The APAC region is targeted more than any other region in the world – and the latest ransomware trend? Triple extortion.

Biggest Ransomware Attacks 2021

For scale, let’s look at a list of the 10 biggest ransomware attacks of 2021 – so far.

  1. Colonial Pipeline paid $4.4 million (recovered later) in ransom and spent several days with their pipelines offline.
  2. Brenntag lost 150 GB of data to DarkSide ransomware, paying $4.4 million.
  3. Acer paid a $50 million USD ransom to the REvil hacker group in May 2021.
  4. JBS Foods paid an $11 million ransom in June 2021.
  5. Computer manufacturer Quanta was targeted in May by REvil, which released many Apple product blueprints before disappearing off the global radar.
  6. NBA (National Basketball Association): In mid-April, the hacker group called Babuk claimed to have stolen 500 GB of confidential data, including financial info and contracts.
  7. AXA, a European insurance company, was thought to be targeted because of a policy change on ransomware payments, losing 3 TB of data.
  8. CNA, a large insurance firm, had 15,000 devices encrypted, with many remote workers cut off entirely from CNA.
  9. Polish video game development firm CD Projekt Red had their source code stolen in February of 2021, but recovered their operations with a backup, refusing to pay a ransom.
  10. Kia Motors experienced widespread outages due to a ransomware attack, which demanded $20 million in ransom.

Ransomware Double Extortion 

WannaCry and NotPetya ransomware typically used public-key RSA encryption to encrypt victims' files. Today, encryption-based ransomware is slipping in popularity, in favour of a joint ransomware and data breach attack style, known as double extortion. While companies once simply paid a ransom (or didn’t pay) for a decryption key, and usually got their files back, double extortion is much more damaging. While encrypting the system, the ransomware is also stealing valuable data, which is sometimes held for ransom, or sold on the dark web – or both.

Ransomware Triple Extortion

The first instance of triple extortion on the books was in 2020, involving the Finnish Vastaamo clinic losing data related to 400 employees and 40,000 patients to cyber attackers. “The extortionist, who went by the name ‘RANSOM_MAN,’ claimed they would publish the data of 100 people each day onto their own Tor file server until they received the bitcoin from Vastaamo. As the company resisted, ‘RANSOM_MAN’ published the personal data of 300 people, including various public figures and police officers,” Wired wrote in an article detailing the attack. Then, as a kicker, the ransomware operator went on to extort small amounts of money from many of the clinic patients!

REvil, seen in the news daily in 2021, started adding a distributed denial-of-service (DDoS) element to their ransomware attacks, then combined the attack with phone calls to employees, customers and even journalists. With industry leaders like REvil using this tactic regularly, we can expect to see this element employed by many other ransomware operators in the upcoming months.

Preventing Ransomware Attacks

Most of these successful attacks were launched using stolen credentials or through a phishing email with a malicious link. It’s important to educate your employees on the finer points of cyber security immediately. Share these tips with your employees, both remote and in-house, and follow them yourself, to promote a safer, ransomware-free work environment. 

  • Never click on unknown links or email attachments
  • Never disclose personal information
  • Never use or share unknown USB sticks
  • Always update your OS and deploy software patches
  • Only download from trusted sources
  • Use a VPN on public Wi-Fi

Benefits of Incident Response Services 

We can see in the list of attacks above that while some companies lost it all and paid massive ransoms, some decided not to pay. Why were these companies able to say “no”? They were prepared, with incident response services and appropriately configured backups and storage. With ransomware insurance a hotly debated topic, you can’t rely on insurance to back you up without the right security systems, if at all.

One great way to protect your business from ransomware attacks is to deploy an incident response service to analyse the security of your network, seek out vulnerabilities that could be exploited, and then step in to help with any attack and recovery process. Working with a company like Sangfor Technologies for your incident response service takes the pressure off your IT department and puts it onto technology, where it belongs. Sangfor incident response teams help in the pre-, mid- and post-attack phases, not only to prepare you for attack, but to stop the attacks from happening – or fortify your network against the same type of attack in the future.

Ransomware is not a passing trend, and triple extortion is just the newest of many upcoming surprises. With all the development it’s undergone in just one year, we can certainly expect to see it growing by leaps and bounds in the near future. No one is safe from ransomware, so prepare today!