The rise of double extortion ransomware

No Comments
Ransomware sign

We've become familiar with the widespread use of ransomware, but researchers at Rapid7 have been examining the rise of a newer phenomenon, 'double extortion'.

Pioneered by the Maze ransomware group, double extortion involves cybercriminals collecting files before encrypting them. Then if the target organization refuses to pay they threaten to release sensitive information.

Researchers believe the growing adoption of backups as one of the best lines of defense against ransomware file encryption has likely influenced this trend. Backups give victims the ability to restore their files without paying ransoms, however, they can't protect victims from the coercive pressure of the data disclosure layer of double extortion.

"They hit you with with ransomware and then they have a bunch of files that they've stolen," says Erick Galinkin, principal AI researcher at Rapid7. "And if you say, 'Well, we have backups, we're not going to pay you.' They say, 'We've got all this stuff and we're happy to release it to the world if you don't want to pay.' Some of these stolen files get released publicly and nearly always there's an opportunity to pay the ransom before more data gets disclosed. They do that initial data disclosure and they say, 'We're going to give you a little bit more time, now that we've proven that we have this, before we release everything that we took from you.' The intent is to pressure businesses into payment."

Rapid7 analysts investigated 161 separate data disclosures between April 2020 and February 2022. The now-defunct Maze ransomware group was the leader of the double extortion tactic in 2020, accounting for 30 percent of all 94 reported April-December 2020 incidents. This 'market share' is remarkable since Maze was active for only 10 out of 12 months that year before shutting down in early November 2020. Other top ransomware groups with data disclosures that year were REvil/Sodinokibi (19 percent), Conti (14 percent), and NetWalker (12 percent).

Financial data is the most commonly leaked (63 percent), followed by customer/patient data (48 percent). Intellectual property is rarely leaked in general (12 percent), except in pharmaceuticals, where it has been included in 43 percent of the disclosures investigated.

You can read more on the Rapid7 blog.

Image credit: Yuri_Vlasenko / depositphotos.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Canonical releases Ubuntu Linux 24.04 LTS 'Noble Numbat'

New tool lets enterprises build their own secure gen AI chatbots

Younger women are going into cybersecurity but more needs to be done

Politically motivated DDoS attacks on the rise

TCL 50 XL 5G Android smartphone hits Metro by T-Mobile: Big features, small price

The increasing sophistication of synthetic identity fraud

The NIST/NVD situation and vulnerability management programs

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

22 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

18 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.