Cybercriminals Move to Multiple Extortion to Make You Pay

As we move past pandemic, cybercriminals have upped their extortion game to make you pay. Modern ransomware attacks have seen a variety of shifts as they advance in patience, scope, complexity, and layers of threats. In the past, attacks were mostly indiscriminate, using email phishing and malvertisements as the primary attack vector. These days, cybercriminals are more likely to select their victims carefully, leveraging specialized exploit kits to infiltrate networks.

The nature of ransomware execution has changed, too. As organizations implement ransomware protection strategies, malicious actors develop increasingly sophisticated and multi-layered attacks. Advanced techniques have paved the way for multi-extortion ransomware that can include several complex attack layers.

A multi-extortion ransomware attack initially involves gaining a persistent foothold, then doing reconnaissance on the network. Next, the cybercriminal will likely attempt to exfiltrate much if not all of the victim's data to use in future levels of extortion. Other tasks performed by the cybercriminals include disabling end point protection software and disabling/deleting backups (or encrypting the backups).

Then it is time for the cybercriminals to announce themselves by encrypting the victim's data and making their initial request for ransom. In the past, cybercriminals might stop here. But the modern cybercriminal is much more sophisticated, and they will go to much further lengths to make you pay the ransom.

Additional Extortion Methods

• Threatening to leak data to the public or sell it on black markets (the Dark Web).
• Internet & web site service disruption via Denial of Service attacks, seriously impacting businesses that rely on Internet and web sites to drive revenue.
• Contacting employees, clients, or vendors, threatening to leak sensitive information.
• Threatening key employees of the victim company.

These methods are done for one reason - to make you pay the ransom.

How to Protect Your Company or Organization

• Continuously train your employees on how to avoid the latest phishing and other cyber threats. Send regular phishing simulations to test which employees are most vulnerable and ensure they get extra training.
• Purchase and maintain Cyber Insurance. The risks to your business are just too great not to have coverage. Make sure you meet any required cybersecurity controls to keep your coverage in effect.
• Make sure you have an Incident Response Plan and test it in a tabletop exercise on an annual basis. Update your plan based on the latest threats.
• Invest in Cybersecurity Tools to protect your systems. MFA. 24x7 Cybersecurity Monitoring (SOC/MDR). Password Managers. Policies and procedures based on a cybersecurity framework such as CIS or NIST. Perform regular vulnerability assessments and penetration testing.

Putting these measures in place will help protect your business from ransomware attacks and give your security team peace of mind that you're doing everything possible to prevent them. Remember, cybersecurity risk can be reduced, but it can never be eliminated.