Cybersecurity experts are reporting a rise in ransomware gangs implementing double extortion strategies.

The tactics employed are increasingly focused on using the threat of private data being published to apply greater pressure levels on victims, in a bid to make them pay out requested ransoms.

Attackers applying leverage on targets

ZeroFOX, a cybersecurity firm based in Baltimore in the United States, has been tracking the activity of ransomware gangs and recorded a surge in two-pronged attacks. Previous ransomware assaults involved the encryption of important files firms needed to operate, but gangs were discovering that well-prepared companies had backed up their systems and data. Instead of paying up, companies hit would refuse, and simply restore their saved files.

To combat this, ransomware groups began not only infiltrating company servers and encrypting data, but exfiltrating as well, stealing copies of files and threatening to make the information they contained public unless a specified amount of money was paid.

Knowing that data breaches can be exceptionally expensive for firms, data stolen by threat operators is sensitive or personal in nature, making it ideal for this form of blackmail.

A burgeoning business

Double extortion attacks have proved a lucrative and successful strategy for ransomware gangs. Recently, researchers at ZeroFOX tracked 24 different sites on the dark web established specifically to leak private information stolen in ransomware attacks, and found an increasing number of these cybercriminal gangs were using this type of extortion.

The study showed that the most successful ransomware groups were those who had initially adopted the tactic and were well-practiced at using it to great effect. These cybercriminal pioneers included Maze, REvil, DopplePamer and Networker ransomware gangs, but many new threat operators have been quick studies and enjoyed successful strikes in 2021.

Egregor and Conti have been exceptionally prolific this year. Egregor has reportedly attained much of its success by employing splintered members from the Maze ransomware operation, which explicitly stated it had shut down back in November 2020.

Much like legitimate software companies, groups want to hire the best people to ensure that their product is as successful as possible – unfortunately, in this case, success comes at the cost of innocent victims who find their networks have been encrypted by a ransomware attack.

Ultimately, the newly employed double extortion tactics are becoming so commonly used by ransomware groups because they are highly effective and get results, with many enterprises and organisations unfortunately conceding to ransom demands. The increasingly aggressive and persistent attacks have often proved too much for firms to take, in the recent economic climate of COVID-19 that has put pressure on business across the globe.

Keeping cybercriminals out of company networks is crucial to staying protected from ransomware assaults. Multifactor authentication on account is critical, along with rigorous update protocols that ensure security patches are applied immediately, leaving zero vulnerabilities. To ensure that company data remains unusable by cybercriminals and cannot be used as collateral in blackmail schemes, encryption software is also an absolute must.