Customers
Why Mitiga
Request a DemoEmergency Assistance
Home
»
Blog Main

Ransomware actors are turning to double-extortion attacks to increase their likelihood of success, with ITPro identifying that payouts now average $1 million.

In the past, many companies relied on backups to get back to business quickly if they were attacked. Reliable, secure backups separate from the primary environment made it much more difficult for an attacker to access and encrypt them. That long-standing process no longer deters double-extortionware actors — instead, today’s attackers not only encrypt the data but also exfiltrate it.  

Even if an organization has good backups available, the threat of leaking the data (known as “name and shame”) motivates many companies to pay the ransom to protect customer data and other sensitive information.  

Why does double-extortion ransomware pose a threat to global businesses?

As they investigate a double-extortion ransomware attack in today’s environment, in-house or third-party incident responders must quickly ascertain the volume and types of exfiltrated data that now reside in the hands of the attackers.  

As part of a C-Suite level activity, business executives increasingly need to consider both regulatory requirements and notification processes related to the exfiltrated data. The C-Suite must also consider how this data loss will reflect on their company’s reputation, as well as begin preparing for potential public relations challenges.  

In raising the ante, many double-extortionware occurrences involve 48-hour-or-less response windows, and businesses may be forced to confront a series of critical decisions very quickly that include whether to:

  • Pay a ransom
  • Quickly facilitate payment, if needed
  • Organizationally respond in a manner beyond simply making payment – because even when the ransom is paid, there is no assurance that the data will be returned by the ransomware attackers

It’s time to begin helping organizations protect themselves from double-extortion ransomware

Threat actors are constantly searching for and ready to use zero- and one-day vulnerabilities to compromise organizations around the world. Today, as described above, investigating the attack is critical, because organizations need to think about both recovery from the attack and how to manage risks by preparing for attacks.  

Here’s where rapid business decision-making can help global organizations face down double-extortionware threats today. This offers a two-fold value to global organizations by assuming every business will be affected by a Cloud or SaaS breach, with some even facing double-extortionware scenarios of the type described here. Organizations can prepare for an attack during “peacetime” with Mitiga's Incident Response and Readiness (IR²) solution. Rather than the traditional Incident Response model that is under-equipped to manage double-extortionware threats in tight 48-hour timelines, IR² helps customers prepare for an attack through proactive threat hunting, running drills and exercises, and having data recovery and incident response plans in place.  

Beyond the IR² subscription model, the Mitiga Ransomware Readiness solution optimizes readiness and resilience for cloud ransomware attacks, accelerating response and recovery.

As more stringent regulations have come into effect, data breach notification requirements have become more critical. Understanding, through investigation, what an attacker was able to accomplish in their environment as quickly as possible helps the C-suite quickly determine how to respond and manage attack-related risks, such as notifying the appropriate regulatory authorities, customers, and, sometimes, the public.

Mitiga’s Incident Readiness and Response solutions helps the C-Suite prepare themselves for an attack, make double-extortionware decisions quickly, and gain investigation insights as soon as possible.

Ransomware Readiness: Protecting Your Enterprise Against Today's Most Dangerous Cyberthreats

LAST UPDATED:

January 23, 2025

Don't miss these stories:

Frost & Sullivan’s Latest 2025 Frost Radar: The Need for Runtime Cloud Security in a Cloud-First World

Cloud breaches rose 35% year over year in 2024, and legacy security tools are failing to keep up. The rapid sprawl of multi-cloud and SaaS has shattered the assumptions baked into legacy, on-prem, and endpoint-focused security stacks, which can’t keep pace with today’s dynamic attack surfaces.

The Remote Worker Scam: Understanding the North Korean Insider Threat

Recent investigations have uncovered a sophisticated scheme by North Korean operatives to exploit remote work policies in the U.S. tech industry.

Who Touched My GCP Project? Understanding the Principal Part in Cloud Audit Logs – Part 2

This second part of the blog series continues the path to understanding principals and identities in Google Cloud Platform (GCP) Audit Logs. Part one introduced core concepts around GCP logging, the different identity types, service accounts, authentication methods, and impersonation.

Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive

Mitiga's advisory highlights critical gaps in forensic visibility with Google Drive's Basic license, affecting security and incident investigations. Read on.

Cloud Detection vs Cloud Threat Hunting: Insights for Cyber Leaders

As cyber threats evolve, security teams need to detect and mitigate cloud attacks. Learn why cloud detection and threat hunting are key defense strategies.

Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots

A recent Mitiga Research Team investigation found the well-regarded Amazon Relational Database Service is leaking PII via exposed RDS Snapshots.