Ransomware attacks have gained a reputation for crippling companies by locking them out of the systems and data files they need to operate. Ransomware gangs infiltrate an enterprise’s intranet and rifle through the systems, applications, and files it uses. Employing crypto malware, they encrypt vital information and parts of the network. As a result, the company’s ability to function grinds to a halt, whether it is a factory mass-producing products or a service provider supporting the education sector.

In return for a decryption key to unlock their data and systems, companies must pay the threat operator behind the attack a ransom. However, many businesses have become wise to this tactic and now keep regular backups of their systems and networks. In the event of an attack, they can simply restore their assets from a fresh backup and never need to give in to these demands.

To counter this defence, ransomware gangs have developed an additional path of attack, commonly referred to as “double extortion”. In this blog, we’ll examine this style of attack and why it is especially lethal for enterprises that store and handle sensitive data.

What is a double extortion ransomware attack?

In a double extortion attack, while threat operators are inside an enterprise’s network rummaging through its files and systems to decide what to encrypt, they simultaneously steal sensitive data. The stolen information acts as an insurance policy should the victim refuse to pay, and is used to coerce them. If the ransom is left unpaid, the threat operators threaten to leak the confidential information.

Double extortion attacks can lead to serious data breaches at great cost to victims. Along with fines from data regulators and reparation payments to data subjects, breaches can harm and even destroy a business’s reputation.

Understanding the origin of double extortion

The first recorded account of a double extortion attack occurred back in 2019. The ransomware gang known as Maze launched an attack on a firm specialising in security staff. The gang contacted an independent entity, the computer help website Bleeping Computer, detailing its attack with an additional threat:

“If they don’t begin sending requested money until next Friday, we will begin releasing on public everything that we have downloaded from their network before running Maze.”

The victim did not pay by the deadline, and Maze made good on its threat by making 700 megabytes of sensitive data public. This represented only 10% of the data stolen, allowing Maze to reiterate its demand and threaten to release the rest of the files if a payment was not forthcoming.

Secure your data now

If you are seeking a premier data encryption solution to safeguard the sensitive information you store on file and email, we at Galaxkey can help. Our cutting-edge end-to-end encryption solution offers three layers of powerful data protection and is approved by the National Cyber Security Centre (NCSC). Contact us today for a free trial.