Out of the numerous cyberattacks aimed at enterprises, governments and educational organisations, ransomware is fast becoming a favoured option of threat actors. Many known attackers have switched up their tactics in recent years for the lucrative criminal industry where unprepared companies make for easy victims.
As with any other form of cyber strike, ransomware attacks have evolved since their inception. When you read about the hits suffered by targets of ransomware gangs in the press, a common term you’ll come across is “double extortion”. In the next sections, we’ll take a deep dive into ransomware attacks and just what a double extortion tactic involves.
Conventional ransomware attack patterns
The traditional ransomware attack typically involved malicious code, commonly called crypto malware, swiftly encrypting data files using RSA public-key encryption, then deleting those files should the selected target refuse to pay the requested ransom.
Ransomware notes were usually left in the form of a landing page or text file on the victim’s system. Messages would state that the enterprise had been the victim of a ransomware attack and either listed a communication method for further negotiations or simply demanded a payment. Ransoms would vary in size, often starting with an exorbitant sum before reducing to a more manageable and affordable amount. Payments are, to this day, still requested in bitcoin or other cryptocurrencies. Not only is crypto hard for the authorities to trace, but it is also almost impossible to reverse a payment once a transaction has been completed.
Since the infamous NotPetya and WannaCry ransomware campaigns conducted during 2017, many enterprises have acted to ramp up their cybersecurity defences. A far greater emphasis was put on restoration processes and backups. As a result, even when data files were completely destroyed, organisations had hard copies held in place for such an eventuality and could simply restore their private data.
In reaction, ransomware operators adapted their own methods to increase the success rate of their attacks using double extortion strategies.
How does double extortion ransomware function?
Instead of simply encrypting private data files, a double extortion ransomware attack exfiltrates the files first, before barring their owners’ access to them. Data deemed sensitive is effectively stolen and used as leverage against targets. If a business has backed up its private data effectively and refuses to give in to the ransomware gang’s demands, the cybercriminals threaten it with the release of the information online.
This tactic makes data backups and other recovery methods lose their value. Threat operators often post exfiltrated private data on dark web forums or on a dedicated leak site. Sometimes, this will start with an excerpt of information to prove that the data theft took place and that the material is authentic. While stolen data is sometimes exposed free of charge, in other cases it may be auctioned off to the cybercriminals who bid highest.
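Because the files are copied out before they are locked, the two stages can be correlated per host. The following Python example is added here and is not part of the original article; it flags a host only when a large outbound transfer is followed by a burst of file rewrites. The event format, host names, paths and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): (time, host, kind, value).
# kind "egress": value = bytes sent off-network; kind "file_mod": value = path rewritten.
T0 = datetime(2024, 1, 1, 2, 0, 0)

def sample_events():
    ev = []
    for i in range(6):    # fs01: 12 GB upload, then 300 rewrites 40 minutes later
        ev.append((T0 + timedelta(minutes=i), "fs01", "egress", 2 * 10**9))
    for i in range(300):
        ev.append((T0 + timedelta(minutes=40, seconds=i), "fs01", "file_mod", f"/share/d{i}.xlsx"))
    for i in range(6):    # bk01: off-site backup, large egress but no rewrite burst
        ev.append((T0 + timedelta(minutes=i), "bk01", "egress", 2 * 10**9))
    for i in range(300):  # ws07: bulk rewrite with no preceding upload
        ev.append((T0 + timedelta(seconds=i), "ws07", "file_mod", f"/src/obj{i}.o"))
    return ev

def first_window(items, window, threshold, weight):
    """Time at which the weighted sum inside a sliding window first reaches threshold."""
    start = total = 0
    for ts, value in items:
        total += weight(value)
        while items[start][0] < ts - window:   # drop events older than the window
            total -= weight(items[start][1])
            start += 1
        if total >= threshold:
            return ts
    return None

# Thresholds are illustrative assumptions; tune them against your own baseline.
def find_exfil_then_encrypt(events, egress_bytes=10**10, egress_window=timedelta(minutes=30),
                            mod_files=200, mod_window=timedelta(minutes=10),
                            max_gap=timedelta(hours=24)):
    """Return {host: (exfil_time, burst_time)} where an egress spike precedes a rewrite burst."""
    by_host = defaultdict(lambda: defaultdict(list))
    for ts, host, kind, value in sorted(events, key=lambda e: e[0]):
        by_host[host][kind].append((ts, value))
    hits = {}
    for host, ev in by_host.items():
        exfil_at = first_window(ev["egress"], egress_window, egress_bytes, lambda v: v)
        if exfil_at is None:
            continue
        later = [(t, v) for t, v in ev["file_mod"] if exfil_at <= t <= exfil_at + max_gap]
        burst_at = first_window(later, mod_window, mod_files, lambda v: 1)
        if burst_at is not None:
            hits[host] = (exfil_at, burst_at)
    return hits
```

On the constructed sample, `find_exfil_then_encrypt(sample_events())` reports only `fs01`; the backup host and the workstation each show one half of the pattern and are not flagged.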
Experts in encryption
If your business seeks to encrypt its own data and keep it safe from cybercriminals, contact our team at Galaxkey today and book a free trial.