Threat actors know that their destructive business model will thrive if they innovate exploitation techniques and attack vectors. Ransomware developers reap rich dividends by incorporating new features into their code. Triple extortion ransomware is a prime example of this type of destructive innovation. According to the Unit42 research report, the average ransomware demand hiked 518 percent in 2021 against 2020. Also, the average payout demand for ransom surged by 82 percent in the same period.
Ransomware assaults have primarily been designed to encrypt and steal data (double extortion attack). However, as businesses grow and thrive, their attack surface widens, drawing attention from hackers, whose destructive innovation has added teeth to ransomware to make it more potent.
What is triple extortion ransomware?
Triple extortion ransomware is an extended version of double extortion ransomware. It inherits all or most of the tactics of double extortion ransomware, wherein the attacker demands ransom from the company under attack by issuing threats of leaking sensitive data. The hacker adds another dimension to the threat in a triple extortion attack. The attacker may directly approach the victim's clients or suppliers, demanding ransom by issuing data leak threats; the attackers may also launch a Distributed Denial of Service (DDoS) attack or make phone calls to make the situation more stressful. One report detailed cybercriminals launched print bombings as a part of a triple extortion ransomware attack, wherein they gained control over an enterprise's printers and started printing ransom notes.
Triple extortion ransomware has three layers of extracting ransom:
threat to publish sensitive data
create pressure using tactics like DDoS
Earlier DoS and DDoS were associated with extortion called the Ransom Denial of Service (RDoS). The attackers launched a DoS or DDoS attack, targeting a victim's network and demanding a ransom in Bitcoin. But now, attackers have started leveraging the DDoS attack with double extortion ransomware to exert extra pressure on the victim.
Who is vulnerable to triple extortion ransomware?
Companies that hold sensitive client or customer data are the most vulnerable to triple extortion ransomware. Healthcare organizations, government organizations, and private firms are some of the prominent examples which fall prey to such threats. Before unleashing an attack, attackers do their homework and analyze the target company carefully.
In the first documented case (2021) on triple extortion ransomware, a cybercriminal group gained access to the client list of a Finnish physiotherapy provider Vastaamo. Rather than demanding ransom from the service provider, they directly asked patients to make the payout. The demand was accompanied by the threat of publicizing the details of their therapy session and revealing their faces.
How to protect your organization against triple extortion ransomware
The best way to protect your organization against any ransomware attack is to maintain regular backups. Even if you have the practice of maintaining offline and online backups, it is advisable to keep a copy of the backup in an air-gapped (not physically or digitally connected to the network) system.
Apart from that, below are some of the other preventive measures which can help you stay safe against triple extortion ransomware or any other ransomware attack:
Regularly update your security tools and software
Stay up to date with the latest attack vectors and patch any security flaws immediately through the help of the patch management team.
Create strong encryption with backup
Enterprises should take strong encryption measures and a separate backup for data at rest. This way, even if any ransomware encrypts these files, the malware would not be able to expose the data in an unencrypted form. The target organization can retrieve the encrypted data from the backup.
Modern ransomware operators and developers leverage well-researched techniques like spear-phishing to target a victim. Even the most reliable and diligent employee can fall prey to the illusion of the attack. Therefore, enterprises need specialized solutions to tackle such threats. Anti-ransomware solutions are advanced tools that utilize artificial intelligence to monitor the behaviour of different programs running within the system.
Educate employees about cybersecurity threats and best practices
The best way to protect your organization against any cyber attack is to educate your employees about cybersecurity threats and best practices. Cybercriminals are always coming up with new ways to exploit vulnerabilities, and employees need to be aware of the latest trends.
Install advanced endpoint protection solutions
Endpoint protection solutions protect devices and systems from malware and other threats. They use techniques like heuristics, behavioural analysis, and machine learning to detect and block threats.
Monitor your network for any unusual activity
It is essential to monitor your network for any unusual activity. If you notice any suspicious activity, make sure to investigate it immediately.
Restrict user access
It is essential to restrict user access to sensitive data and systems. Only authorized employees should be given access to these resources. Furthermore, employees should only be given access to the resources required to perform their job duties.
Regularly scan for vulnerabilities
Regular vulnerability scanning is essential to identify any security flaws in the system. These scans should be conducted both internally and externally.
The measures mentioned above can help you protect your organization against any ransomware attack. However, it is essential to remember that no single measure can provide complete protection. Therefore, it is important to implement a combination of different measures to ensure your organization's safety.
Are you looking to strengthen your security posture? Contact the Packetlabs team to learn about the various strategies you can implement to protect yourself and your clients from a potential ransomware attack.