Imagine someone locking you out of your own house, digging through your sensitive documents, and threatening to share this private information unless you pay them an exorbitant amount of money. For tech leaders, this is reality. Are you prepared to defend against double extortion?
In Q2 of 2023, ReliaQuest found that 1,378 organizations had been named as victims on ransomware data-leak websites, a 64% increase from the previous quarter, which was itself record-breaking at 838 organizations. Although the number of specific attack families has dropped, the number of victims is rapidly increasing.
Why is ransomware on the rise?
“Previously, executing a ransomware attack required years of development, penetration testing experience, and cryptography, with only moderate profits,” said Gregory Monson, speaking to ITPro. Monson is Manager of the cyber threat intelligence team at Trustwave. He also noted that the emergence of the RaaS model is playing a role. “Now, Ransomware-as-a-service programs have proliferated on illicit and underground web forums, making it easy and inexpensive for threat actors to partner with ransomware authors.”
Now that it’s easier than ever to buy a foothold within an organization, what are threat actors doing with your data? How will you defend against double extortion?
What is Double Extortion?
Threat actors are clever and have identified which pain your company is willing to pay to make go away. First, they encrypt critical systems within your organization. They may hit you in a particularly sensitive or important season of your business, when being locked out will cause immense business disruption. Leaders are often faced with paying the ransom to obtain a decryption key – just to minimize the losses incurred (which can often outweigh the ransom itself).
Locking you out of your systems isn’t the only thing the threat actors aim to do. During the attack they will also attempt to steal sensitive data. For some industries, such as Healthcare, Financial Services, and Manufacturing, this can be disastrous. If your customers’ private data is exposed and they are negatively impacted, they will point the finger at the breach that happened on your watch. This results in immense loss of trust, loss of customers, and a huge blow to your brand.
Last year, Medibank, Australia’s biggest health insurer, experienced a breach that included 9.7 million customers. Both current and former customers’ data was released on the dark web (Reuters). This incident is one of Australia’s biggest data thefts ever!
Prior to publishing the customer data on the dark web, the threat actors asked for a $10M ransom, which Medibank refused to pay.
To twist the knife, the threat actors began publishing famous people’s embarrassing health info, making it a drip campaign of social terrorism. This inevitably drew more eyes to the breach.
As a result, the share price dropped nearly 5%, and multiple class action lawsuits were filed against the company on behalf of affected customers. Aside from their usual dividend, Medibank paused all return of capital to shareholders. They are now taking steps to remediate potential weak points within their cyber posture, and regulators are watching this closely.
How can tech leaders defend against double extortion?
There are various solutions on the market that can notify you when data is leaving your environment, giving you a clue that something nefarious may be happening. There are even a couple of forward-leaning providers that allow you to set volume thresholds – so that the outflow of data can’t exceed a certain amount until verified and approved. This can help minimize the blast radius of exfiltration.
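The volume-threshold idea above, sketched as an added example (not code from this article or from any vendor it mentions): a per-host rolling-window cap on outbound bytes that holds further transfers until a reviewer approves them. The 1 GB per hour limit, the host names and the flow records are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (epoch_seconds, source_host, outbound_bytes).
SAMPLE_FLOWS = [
    (0, "db01", 200_000_000),
    (600, "web01", 50_000_000),
    (1200, "db01", 400_000_000),
    (1800, "db01", 500_000_000),  # would push db01 past 1 GB in the hour
    (2400, "db01", 100_000_000),  # db01 is still awaiting approval
    (5000, "db01", 300_000_000),  # earlier transfers have aged out by now
]

class EgressGate:
    """Per-host rolling-window cap on outbound bytes, released by approval."""

    def __init__(self, limit_bytes, window_seconds):
        self.limit = limit_bytes
        self.window = window_seconds
        self.history = defaultdict(deque)  # host -> (timestamp, bytes) pairs
        self.held = set()                  # hosts blocked pending review

    def check(self, ts, host, nbytes):
        """Return 'allow' or 'hold' for one outbound transfer."""
        if host in self.held:
            return "hold"
        sent = self.history[host]
        while sent and sent[0][0] <= ts - self.window:
            sent.popleft()  # drop transfers older than the window
        if sum(b for _, b in sent) + nbytes > self.limit:
            self.held.add(host)  # stays held until someone approves
            return "hold"
        sent.append((ts, nbytes))
        return "allow"

    def approve(self, host):
        """Record that a reviewer verified the traffic and released the host."""
        self.held.discard(host)

def replay(flows, approvals=None, limit_bytes=1_000_000_000, window_seconds=3600):
    """Run flows through the gate; approvals maps host -> approval time."""
    gate = EgressGate(limit_bytes, window_seconds)
    pending = dict(approvals or {})
    decisions = []
    for ts, host, nbytes in flows:
        if host in pending and ts >= pending[host]:
            gate.approve(host)
            del pending[host]
        decisions.append((host, gate.check(ts, host, nbytes)))
    return decisions
```

Calling `replay(SAMPLE_FLOWS, approvals={"db01": 4000})` shows db01 held at the fourth and fifth records and allowed again once the approval has been recorded and the earlier transfers have left the window.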
I’m currently working with vendors that can turn the tables for tech leaders. One will turn your data into “Digital Dust.”