As we’ve covered before, malware developers have moved their focus away from doing periodic damage and into making a career of it. There was a big surge in ransomware around 2017 when WannaCry started making the rounds and showing budding hackers what could be possible.
Since then, however, cybersecurity has tightened around ransomware. Companies rose up to combat the ransomware attacks by cracking open encryption and creating data backups. Windows 10 even has a special ransomware protection setting built into it these days. Now that everyone has backed up their data to respond to ransomware attacks, the threat has been reduced.
In response, malware developers have created a new strain of ransomware: the double extortion strain. This method attacks businesses by adding an extra layer that renders a backup potentially useless.
How Does the New Attack Work?
As you may guess from the name, “double extortion” works by attacking the business twice over. It still uses a database-encryption attack to extort money, but it adds an extra initial attack to ensure a backup doesn’t render the attack useless.
First, before the malware developer attacks with ransomware, they breach in the company’s database. They extract as much data as they can and store it on their servers. After that, they conduct the ransomware attack as normal.
This extra step turns a regular ransomware attack into something businesses can’t ignore. With the data in the hacker’s hands, they can add additional terms to the ransomware attack. For example, if the hacker managed to get ahold of sensitive personal information, they can demand payment to stop the hackers from leaking the information to the public.
The hackers can also use this position of power to slowly apply pressure to someone who won’t pay. For example, they could begin releasing the data on the dark web in small amounts to prove to the victim that they actually have the data.
This strategy defeats any backups the user has. Even if the target can easily recover the data that was encrypted, the threat of a data leak will still do much damage. This is what makes a double extortion attack so deadly, as it defeats any ransomware protection the target has set up.
How Do Companies Protect Against this New Attack?
The security company that broke this news, Checkpoint, recommends reading their article on how to protect yourself from a ransomware attack. The article handles regular ransomware precaution methods, so the first point of making backups isn’t so useful in light of double extortion tactics.
However, the other points are still worthwhile. The best way to prevent this attack is to not allow hackers access to the databases in the first place. Without the data, the hacker can’t make ransom demands.
Unfortunately, due to the coronavirus outbreak, some hackers have targeted hospitals to capitalize on the chaos. As such, healthcare organizations have to step up their defenses to protect themselves from this new strain of ransomware.
A New Era of Ransomware
The cybersecurity world stepped up to stop ransomware, so the ransomware developers have raised their game. Now, a malicious agent will also extract sensitive data to use as leverage for their payment. It’s essential that businesses such as hospitals ensure that no rogue agents get in whatsoever, as even a backup won’t fully solve this new threat.
Are you worried about this new wave of attack, given how vulnerable hospitals are right now? Let us know below.