Ransomware actors are turning to double-extortion attacks to increase their likelihood of success, with ITPro identifying that payouts now average $1 million.

In the past, many companies relied on backups to get back to business quickly if they were attacked. Reliable, secure backups separate from the primary environment made it much more difficult for an attacker to access and encrypt them. That long-standing process no longer deters double-extortionware actors — instead, today’s attackers not only encrypt the data but also exfiltrate it.  

Even if an organization has good backups available, the threat of leaking the data (known as “name and shame”) motivates many companies to pay the ransom to protect customer data and other sensitive information.  

Why does double-extortion ransomware pose a threat to global businesses?

As they investigate a double-extortion ransomware attack in today's environment, in-house or third-party incident responders must quickly ascertain the volume and types of exfiltrated data that now reside in the hands of the attackers.
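One concrete way to answer the "how much, and what" question above is to go back to the access logs of the storage the attacker touched and total what a suspect identity read during the incident window. The following is an added example, not Mitiga's code or part of the original post. It parses a constructed, hypothetical object-storage access-log format (timestamp, principal, operation, object key, bytes served), totals read volume per principal, flags identities that read far more than expected, and then summarises what one suspect principal actually pulled, grouped by top-level data category so responders can tell payroll data from marketing assets. All log lines, identities and thresholds are invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample access log (hypothetical format loosely modelled on
# object-storage server access logs). Nothing here comes from a real incident.
SAMPLE_LOG = """\
2025-01-20T02:14:05Z svc-backup GET backups/db/2025-01-19.dump 5120000000
2025-01-20T02:17:41Z alice@corp.example GET hr/payroll/2024-Q4.xlsx 204800
2025-01-20T03:01:12Z contractor-7 GET hr/payroll/2024-Q4.xlsx 204800
2025-01-20T03:01:13Z contractor-7 GET hr/employees/roster.csv 1048576
2025-01-20T03:01:15Z contractor-7 GET finance/invoices/2024.pdf 8388608
2025-01-20T03:02:00Z contractor-7 GET customers/export/all-customers.csv 52428800
2025-01-20T03:02:30Z contractor-7 LIST customers/ 0
2025-01-20T03:05:00Z contractor-7 GET customers/export/all-customers.csv 52428800
2025-01-20T09:30:00Z bob@corp.example PUT finance/invoices/2025-01.pdf 0
"""

# Incident window under investigation (assumed for the example).
WINDOW_START = datetime(2025, 1, 20, tzinfo=timezone.utc)
WINDOW_END = datetime(2025, 1, 21, tzinfo=timezone.utc)

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<principal>\S+)\s+(?P<op>[A-Z]+)\s+(?P<key>\S+)\s+(?P<bytes>\d+)$"
)


def parse_log(text):
    """Parse log lines into records; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "principal": m["principal"],
            "op": m["op"],
            "key": m["key"],
            "bytes": int(m["bytes"]),
        })
    return records


def read_volume_by_principal(records, start, end):
    """Raw bytes served by GET per principal inside [start, end]."""
    totals = defaultdict(int)
    for r in records:
        if r["op"] == "GET" and start <= r["ts"] <= end:
            totals[r["principal"]] += r["bytes"]
    return dict(totals)


def flag_bulk_readers(totals, threshold_bytes, expected=frozenset()):
    """Principals whose read volume exceeds the threshold, minus known-good
    bulk readers such as a backup service account (allowlist is assumed)."""
    return sorted(p for p, b in totals.items()
                  if b >= threshold_bytes and p not in expected)


def exfil_summary(records, principal, start, end):
    """What one suspect principal read: unique objects, bytes, and category.
    Each object is counted once; re-reading the same key does not mean more
    distinct data left the environment."""
    objects = {}
    by_category = defaultdict(int)
    for r in records:
        if r["principal"] != principal or r["op"] != "GET":
            continue
        if not (start <= r["ts"] <= end) or r["key"] in objects:
            continue
        objects[r["key"]] = r["bytes"]
        # Top-level prefix stands in for the data classification of the bucket.
        by_category[r["key"].split("/", 1)[0]] += r["bytes"]
    return {
        "principal": principal,
        "unique_objects": sorted(objects),
        "total_bytes": sum(objects.values()),
        "by_category": dict(by_category),
    }


RECORDS = parse_log(SAMPLE_LOG)

if __name__ == "__main__":
    volumes = read_volume_by_principal(RECORDS, WINDOW_START, WINDOW_END)
    suspects = flag_bulk_readers(volumes, 10 * 1024 * 1024, expected={"svc-backup"})
    for p in suspects:
        summary = exfil_summary(RECORDS, p, WINDOW_START, WINDOW_END)
        print(f"{p}: {summary['total_bytes']} bytes across "
              f"{len(summary['unique_objects'])} objects, by category {summary['by_category']}")
```

The output of `exfil_summary` is the kind of fact the C-suite needs from responders before it can decide on notification: not "they got in", but "this identity read 62 MB covering HR, finance and the full customer export". Counting unique objects rather than raw transfer bytes matters because repeated downloads inflate the raw number without changing what was exposed.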

At the C-suite level, business executives increasingly need to consider both the regulatory requirements and the notification processes that apply to the exfiltrated data. The C-suite must also consider how this data loss will reflect on the company's reputation, and begin preparing for potential public relations challenges.

In raising the ante, many double-extortionware occurrences involve 48-hour-or-less response windows, and businesses may be forced to confront a series of critical decisions very quickly that include whether to:

  • Pay a ransom
  • Quickly facilitate payment, if needed
  • Respond organizationally in a manner that goes beyond simply making payment, because even when the ransom is paid there is no assurance that the ransomware attackers will return the data

It’s time to begin helping organizations protect themselves from double-extortion ransomware

Threat actors are constantly searching for, and ready to use, zero- and one-day vulnerabilities to compromise organizations around the world. As described above, investigating the attack is critical, because organizations need to think both about recovering from the attack and about managing risk by preparing for the next one.

Rapid business decision-making is what lets global organizations face down double-extortionware threats today. Its value is two-fold: it assumes that every business will be affected by a cloud or SaaS breach, and that some will face double-extortionware scenarios of the type described here. Organizations can prepare for an attack during "peacetime" with Mitiga's Incident Response and Readiness (IR²) solution. Unlike the traditional incident response model, which is under-equipped to manage double-extortionware threats on tight 48-hour timelines, IR² helps customers prepare for an attack through proactive threat hunting, drills and exercises, and data recovery and incident response plans that are already in place.

Beyond the IR² subscription model, the Mitiga Ransomware Readiness solution optimizes readiness and resilience for cloud ransomware attacks, accelerating response and recovery.

As more stringent regulations have come into effect, data breach notification requirements have become more critical. Understanding as quickly as possible, through investigation, what an attacker was able to accomplish in the environment helps the C-suite determine how to respond and manage attack-related risks, such as notifying the appropriate regulatory authorities, customers and, sometimes, the public.

Mitiga's Incident Readiness and Response solutions help the C-suite prepare for an attack, make double-extortionware decisions quickly, and gain investigation insights as soon as possible.


LAST UPDATED: January 23, 2025
