Powered by MOMENTUM MEDIA

Op-Ed: Ransomware increases its impact through double extortion attacks

Joanne Wong

Of all the cyber threats currently facing Australian businesses, one of the most feared is ransomware. By introducing malware into an IT infrastructure, criminals can lock down data stores and then demand significant payments in exchange for the keys.

Unfortunately, many organisations opt to pay the demanded ransom to regain access to their data. This, in turn, has made ransomware a very attractive vehicle for criminals looking to generate as much money from their activities as possible.

Now, growing numbers are using an additional tactic to ensure payment is made by their victims. It’s a method that’s been dubbed ‘double extortion’.

Double dipping

Under the double extortion model, ransomware attackers continue to encrypt data and demand a ransom to regain access. However, they also go a step further and threaten to upload any exfiltrated data online if their terms are not met.

This approach has proven successful for a number of reasons. Firstly, businesses are already terrified of ransomware and the operational impact it can have. Also, even if a ransomware-afflicted business ultimately rids itself of the ransomware, there may still exist a public perception that it paid the ransom, leading to more negative sentiment.

Clearly, ransomware groups have realised that the damage caused by ransomware extends far beyond the locking of systems. After all, even the knowledge that an attacker is in the network, and the threat of an encrypt button being pressed, is enough to make some companies pay out.

Criminal options

Ransomware groups are additionally diversifying their approach by taking copies of data before performing the encryption. This gives them a number of options, each of which has been seen playing out in the wild.

Firstly, it proves to the victim and the wider world that they really have breached the organisation. Secondly, it adds another layer of extortion through the threat to leak the data. What’s particularly threatening about this approach is that, even if a company decides to restore from backup rather than pay up, that data is still valuable, and the threat of leakage is not diminished.

In the cases where a company does pay the ransom, the cybercriminals can provide worthless assurance that they have deleted their copy of the data. Meanwhile, this data could end up leaked later on or used again to leverage yet another payout.

Boosting security

Thankfully, there are a number of ways in which ransomware attacks can be prevented, or at least mitigated. These methods can also help to ensure the security threat is reduced by minimising the time spent by intruders within the corporate network.

Minimising an attacker’s time inside a company network relies upon the security team being informed of the process by which ransomware attacks are executed. There are five distinct stages that define a ransomware attack, and by being familiar with each phase, security teams can quickly respond to an intrusion.

The five phases of a ransomware attack are exploitation and infection, delivery and execution, backup spoliation, file encryption, and user notification and clean-up. To match these steps, there are also five phases of defence against ransomware. These phases are preparation, detection, containment, eradication, and recovery.

An organisation’s ability to recognise the five phases of attack and then employ the five phases of defence lies in effective monitoring of company networks. It is crucial that organisations recognise the stark nature of the ransomware threat and provide the necessary technological solutions and security teams to ensure this comprehensive monitoring.

The threat of ransomware is unlikely to disappear anytime soon, and the methods being used by cybercriminals continue to become more sophisticated.

For this reason, now is the time to put in place effective protection methods and educate all staff about the threat and the steps they can take to improve security.

Joanne Wong is the vice president, international marketing (APAC and EMEA) at LogRhythm. 
