Beware of the new extortion tactic of ransomware attacks

Sheila Zabeu

May 14, 2021

The extortion tactics used in ransomware attacks, such as the one suffered in May 2021 by the largest pipeline in the US, have recently gained yet another variant. Until now, cybercriminals would decrypt the stolen data and threaten to leak it publicly if the ransom was not paid. Now they are going further to raise even more money: they are threatening both the hacked companies and the third parties that would be harmed if the information became public.

The arrival of the new tactic does not mean that the previous tactic has been abandoned. According to a report by CheckPoint, which specializes in cyber threat intelligence, double extortion was very successful throughout 2020. More than 1,000 companies suffered data leaks for refusing to pay ransoms in that period. In addition, the average amount of ransoms increased 171% last year to approximately $310,000.

Not content with that, the attackers have added a third method to further escalate their threats. The first case of triple extortion to gain prominence occurred in October 2020 and involved a Finnish psychotherapy clinic with 40,000 patients. A significant ransom was demanded from the clinic, and in parallel smaller amounts were also demanded from patients via email. In the messages, the criminals threatened to publish notes from the therapy sessions.

Most recently, a CheckPoint report recorded a 57% increase in the number of ransomware attacks globally between January and March 2021, amid the disclosure of Microsoft Exchange vulnerabilities. This type of attack is estimated to have cost businesses worldwide around $20 billion in 2020, an amount almost 75% higher than in 2019. Since April, an average of more than 1,000 organizations has been reported as ransomware victims every week. This represents a staggering 102% increase in the number of organizations affected by ransomware compared to early 2020.

The industries that are facing the highest number of ransomware attack attempts globally are healthcare, utilities, and insurance/legal.

[Figure: The average number of ransomware attacks per organization per week, by sector, April 2021. Source: CheckPoint]

How to protect yourself?

CheckPoint presents some recommendations for people to protect themselves against ransomware attacks:

1. Stay especially vigilant on weekends and holidays, when most ransomware attacks happened in 2020.

2. Be sure to install the latest updates and patches. Many people and even companies fail to install patches as soon as a vulnerability is disclosed. Procrastination can be costly if ransomware attacks exploit the unpatched flaw.

3. Anti-ransomware solutions are a necessary complement to the first and second recommendations above. For example, some ransomware groups use spear-phishing, sending emails that trick individuals into revealing confidential information, to break into company systems. Protecting against this type of attack requires anti-ransomware solutions that seek to identify suspicious behaviors commonly exhibited by practitioners of this type of attack.

4. Guidance and information to identify and avoid potential ransomware attacks are crucial. Many cyberattacks start with seemingly harmless messages but use social engineering to get the individual to click on links that will later trigger ransomware attacks. Being well guided and informed is one of the most important means of defense.

Incidentally, the FBI has confirmed that the DarkSide cybercriminal group was responsible for the ransomware attack on the Colonial Pipeline in the United States. This group works with a Ransomware-as-a-Service (RaaS) model, through which it uses partner programs to carry out cyberattacks. According to Bloomberg, Colonial Pipeline Co. paid almost $5 million to the hackers, contradicting the company's initial statements. After receiving the amount, the cybercriminals provided a decryption tool to restore the systems. Representatives from Colonial Pipeline declined to comment on the suit.

In a joint effort, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released practices for those responsible for critical infrastructure, such as the US pipeline, to harden their systems against ransomware attacks.