In ransomware’s infancy – when it was just encryption and extortion – businesses could counter the attack by restoring from backups, although this isn’t always totally effective. Attacks on operation technology (OT) firms, for example, are estimated to cost up to £200,000 an hour, and healthcare organisations unable to access vital systems means patient care suffers.Īnother concern is career ransomware criminals will stop at nothing to achieve their extortion ambitions. Industries like manufacturing and healthcare regularly top the charts of the most-targeted sectors,mainly because of the severe consequences of downtime. Reduce risk and deliver greater business success with cyber-resilience capabilitiesĪside from the added threat vector of a DDoS attack, or similar, on top of data exfiltration and file encryption, the main concern for many businesses will be the operational downtime such an attack can cause. What is so concerning about triple extortion ransomware?Ĭyber resiliency and end-user performance Ultimately, it means the double extortion threat isn’t as potent as cyber criminals might think, opening the door for strategies that pack a little more punch. Unless the company showed a blatant disregard for data protection in the first place, or failed to implement stronger security measures after the fact, then leniency is applied. In reality, one might argue regulators rarely issue fines to companies that have sustained a leak of data due to double extortion ransomware attacks. Content delivery networks (CDNs) like Cloudflare and Fastly offer effective anti-DDoS protections for businesses, too, so it can seem like overkill. This is arguably the most aggressive tactic of them all but comes with the obvious drawback of being far more expensive to carry out. Launching distributed denial of service (DDoS) attacks is another option. This is especially true if the ransomware operator steals personal data, for example.Ĭyber criminals can also pursue triple extortion through other means like how REvil, at its peak, began calling victims’ clients and tipping off the press to their, pressurising victims to pay up fast. Sure, it could recover its systems from backups just fine, but the threat of its data leaking publically opens the victim up to regulatory punishment and reputational damage. Things become more dangerous for an organisation when its data is on the line. The method was developed to combat a rise in organisations simply restoring impacted systems from backups, the industry-advised best practice for ransomware incidents. What is triple extortion ransomware?Ī triple extortion model builds on the popularised double extortion method, whereby a hacker infiltrates a victim’s environment, steals data – usually of a sensitive nature – and then delivers the ransomware payload. Regardless, it’s a threat the industry must take seriously as it could represent the next major leap in cyber crime. Whether the organisation chooses to make good on this threat remains to be seen, especially given it could be construed as a stroppy retaliation to being knocked offline following the Entrust attack. This comes only shortly after the emergence of double extortion ransomware. Currently the heaviest hitter in the ransomware as a service (RaaS) game, LockBit has announced it will pivot to a triple extortion model for future attacks. WannaCry showed the world how not to write ransomware
0 Comments
Leave a Reply. |