In recent years, ransomware attacks have evolved significantly, adopting more sophisticated tactics to extort victims.
Lukman Oduola of the International Cybersecurity and Digital Forensics Academy (ICDFA) states, “The threat landscape has shifted, and ransomware groups are now using double and triple extortion tactics to maximise their gains.”
Understanding double and triple extortion
Double extortion ransomware combines data encryption with data theft. Attackers not only lock a victim’s files but also steal sensitive information, threatening to leak it if the ransom is not paid. This technique was developed in response to organisations refusing to pay ransoms and restoring from backups instead.
Triple extortion takes it a step further, adding a third layer of pressure, such as demanding a ransom from the victim’s customers or partners or launching a Distributed Denial of Service (DDoS) attack.
The rise of encryption-less ransomware
Encryption-less ransomware focuses on data exfiltration, where attackers steal sensitive data and threaten to publish it unless a ransom is paid. This type of ransomware is particularly damaging, as it can lead to reputational damage and regulatory risks. According to Morphisec, up to 97% of ransomware incidents involve data exfiltration.
Notable ransomware examples
Several ransomware groups have made headlines for their sophisticated tactics and widespread impact.
Cl0p Ransomware is known for exploiting zero-day vulnerabilities and using double extortion tactics, where they not only encrypt data but also threaten to leak it if their demands aren’t met. This group has compromised hundreds of organisations globally, making it a significant threat to businesses and institutions.
Qilin Ransomware, on the other hand, offers a highly customizable Ransomware-as-a-Service (RaaS) model, targeting industries that handle sensitive data, such as healthcare and finance. This allows affiliates to tailor their attacks to specific victims, increasing the likelihood of success.
Akira Ransomware targets small to medium-sized businesses, using double extortion tactics and demanding Bitcoin payments. Its relatively low profile belies its effectiveness in extorting money from vulnerable organisations.
LockBit Ransomware employs intermittent encryption, making it harder to detect, and triple extortion tactics, including Distributed Denial of Service (DDoS) attacks. By adding DDoS attacks to their arsenal, LockBit increases the pressure on victims to pay the ransom, making it a particularly formidable threat.
These examples illustrate the diversity and complexity of modern ransomware attacks, highlighting the need for robust cybersecurity measures to prevent and respond to these threats.
Statistics highlight the severity of the threat
The statistics surrounding ransomware attacks paint a stark picture of the severity of this threat. The average cost of a ransomware incident has skyrocketed, jumping from $686,000 in 2019 to $3.7 million in 2023, a staggering 440% increase.
This dramatic rise underscores the growing financial burden that organisations face when dealing with these types of attacks. Moreover, the total losses attributed to ransomware events over five years are estimated to be around $276 billion, representing a 140-fold increase in financial impact.
This enormous figure highlights the devastating consequences of ransomware attacks on a global scale. Notably, smaller organisations, those with revenues under $100 million, are disproportionately affected, with ransomware accounting for 30-40% of incidents in this group.
These statistics demonstrate the urgent need for effective cybersecurity measures to prevent and mitigate the impact of ransomware attacks, particularly for smaller organisations that may be more vulnerable to these threats.
Defensive strategies
To effectively combat ransomware attacks, organisations should implement a multifaceted defence strategy. Firstly, monitoring outbound traffic is crucial to detect unusual uploads and transfers that may indicate data exfiltration, allowing for swift action to prevent further damage.
Additionally, strengthening data backup practices is vital; this can be achieved by using immutable backups that cannot be altered or deleted by attackers, and regularly testing restoration processes to ensure that data can be quickly recovered in the event of an attack.
Limiting Remote Desktop Protocol (RDP) access is also essential, which can be done by enforcing multi-factor authentication (MFA) to add an extra layer of security and regularly auditing VPN/RDP logs to identify potential security breaches.
Furthermore, utilising Data Loss Prevention (DLP) tools can provide organisations with increased visibility and control over sensitive data, enabling them to detect potential data breaches and take prompt action to prevent them.
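As an added illustration of the outbound-traffic monitoring described above (example code written for this article, not taken from any vendor or from ICDFA), the sketch below totals each host's daily uploads to external addresses and flags a day that far exceeds that host's own history. The flow records, host names, internal ranges and thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Assumed internal ranges; replace with the organisation's own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample flow records: (day, source host, destination IP, bytes sent).
FLOWS = [
    ("2024-05-01", "fs01", "198.51.100.7", 110_000_000),
    ("2024-05-01", "fs01", "10.0.4.20", 9_000_000_000),      # internal backup job
    ("2024-05-02", "fs01", "198.51.100.7", 130_000_000),
    ("2024-05-03", "fs01", "198.51.100.7", 90_000_000),
    ("2024-05-04", "fs01", "198.51.100.7", 125_000_000),
    ("2024-05-05", "fs01", "203.0.113.50", 48_000_000_000),  # bulk upload, new destination
    ("2024-05-01", "ws17", "198.51.100.7", 40_000_000),
    ("2024-05-02", "ws17", "198.51.100.7", 55_000_000),
    ("2024-05-03", "ws17", "198.51.100.7", 35_000_000),
    ("2024-05-04", "ws17", "198.51.100.7", 60_000_000),
]

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def daily_external_bytes(flows):
    """Sum bytes sent to external destinations per host per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, dst, sent in flows:
        if is_external(dst):
            totals[host][day] += sent
    return totals

def flag_unusual_uploads(flows, k=6.0, floor=1_000_000_000, min_history=3):
    """Return (host, day, bytes, baseline) for days whose external upload volume
    exceeds both median + k*MAD of the host's earlier days and an absolute floor."""
    alerts = []
    for host, per_day in daily_external_bytes(flows).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # not enough baseline yet
            base = median(history)
            mad = median(abs(v - base) for v in history)
            if per_day[day] > max(base + k * mad, floor):
                alerts.append((host, day, per_day[day], base))
    return alerts

if __name__ == "__main__":
    for host, day, sent, base in flag_unusual_uploads(FLOWS):
        print(f"{day} {host}: {sent / 1e9:.1f} GB external, baseline {base / 1e6:.1f} MB")
```

The absolute floor keeps quiet hosts with tiny baselines from alerting on ordinary variation; in practice the records would come from NetFlow, proxy or firewall logs rather than an inline list.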
Experts stress that by grasping the shifting threat landscape and deploying robust security measures, organisations can minimise the risk of ransomware attacks and shield their sensitive information. According to Lukman, a proactive stance on cybersecurity is vital to outpacing threat actors.
Funminiyi B. Philips is a cybersecurity enthusiast. He can be reached on LinkedIn.