July 14, 2022

Stop Ransomware Attackers From Getting Paid to Play Double-Extortionware Games

By

Ransomware actors are turning to double-extortion attacks to increase their likelihood of success, with ITPro identifying that payouts now average $1 million.

In the past, many companies relied on backups to get back to business quickly if they were attacked. Reliable, secure backups separate from the primary environment made it much more difficult for an attacker to access and encrypt them. That long-standing process no longer deters double-extortionware actors — instead, today’s attackers not only encrypt the data but also exfiltrate it.  

Even if an organization has good backups available, the threat of leaking the data (known as “name and shame”) motivates many companies to pay the ransom to protect customer data and other sensitive information.  

Why does double-extortion ransomware pose a threat to global businesses?

As they investigate a double-extortion ransomware attack in today’s environment, in-house or third-party incident responders must quickly ascertain the volume and types of exfiltrated data that now reside in the hands of the attackers.  

As part of a C-Suite level activity, business executives increasingly need to consider both regulatory requirements and notification processes related to the exfiltrated data. The C-Suite must also consider how this data loss will reflect on their company’s reputation, as well as begin preparing for potential public relations challenges.  

In raising the ante, many double-extortionware occurrences involve 48-hour-or-less response windows, and businesses may be forced to confront a series of critical decisions very quickly that include whether to:

  • Pay a ransom
  • Quickly facilitate payment, if needed
  • Organizationally respond in a manner beyond simply making payment – because even when the ransom is paid, there is no assurance that the data will be returned by the ransomware attackers

It’s time to begin helping organizations protect themselves from double-extortion ransomware

Threat actors are constantly searching for and ready to use zero- and one-day vulnerabilities to compromise organizations around the world. Today, as described above, investigating the attack is critical, because organizations need to think about both recovery from the attack and how to manage risks by preparing for attacks.  

Here’s where rapid business decision-making can help global organizations face down double-extortionware threats today. This offers a two-fold value to global organizations by assuming every business will be affected by a Cloud or SaaS breach, with some even facing double-extortionware scenarios of the type described here. Organizations can prepare for an attack during “peacetime” with Mitiga's Incident Response and Readiness (IR²) solution. Rather than the traditional Incident Response model that is under-equipped to manage double-extortionware threats in tight 48-hour timelines, IR² helps customers prepare for an attack through proactive threat hunting, running drills and exercises, and having data recovery and incident response plans in place.  

Beyond the IR² subscription model, the Mitiga Ransomware Readiness solution optimizes readiness and resilience for cloud ransomware attacks, accelerating response and recovery.

As more stringent regulations have come into effect, data breach notification requirements have become more critical. Understanding, through investigation, what an attacker was able to accomplish in their environment as quickly as possible helps the C-suite quickly determine how to respond and manage attack-related risks, such as notifying the appropriate regulatory authorities, customers, and, sometimes, the public.

Mitiga’s Incident Readiness and Response solutions helps the C-Suite prepare themselves for an attack, make double-extortionware decisions quickly, and gain investigation insights as soon as possible.

5 Ways to Reduce the Threat Posed by Cloud-Aware Ransomware

Don't miss these stories:

November 21, 2022
Ransomware Heads-Up: Family Isn’t the Only Holiday Gang In Town

In this blog, Mitiga Vice President of Consulting Services Rob Floodeen provides several recommendations on how cybersecurity teams can make it through the upcoming holiday season with reduced ransomware visitors.

November 15, 2022
Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots

A recent Mitiga Research Team investigation found the well-regarded Amazon Relational Database Service is leaking PII via exposed RDS Snapshots.

September 19, 2022
Uber Cybersecurity Incident: Which Logs Do IR Teams Need to Focus On?

On September the 16th, Uber announced they experienced a major breach in their organization in which malicious actor was able to log in and take over multiple services and internal tools used at Uber. What are some of the logs that IR teams should be focusing on in their investigation?

Want to stay up to date on the latest Mitiga news and research? Subscribe to our blog!
SOLUTIONSBLOGABOUTCAREERSCONTACT
Copyright ©️ Mitiga Security Inc. All rights reserved | Terms of Use | Privacy Policy