Ransomware’s New Swindle: Triple Extortion

Ransomware attackers are now demanding cash from the customers of victims too.  

Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now experts are warning against a new threat — triple extortion — which means that attackers are expanding out to demand payments from customers, partners and other third parties related to the initial breach to grab even more cash for their crimes.

Check Point’s latest ransomware report found that over the past year, ransomware payments have spiked by 171 percent, averaging about $310,000 — and that globally, the number of attacks has surged by 102 percent.


“As the numbers reflect a golden attack technique, which combines both a data breach and a ransomware threat, it is clear that attackers are still seeking methods to improve their ransom payment statistics, and their threat efficiency,” Check Point said.

Researchers said the first case of triple extortion they observed in the wild was in October, when a Finnish psychotherapy clinic was breached. Even after the clinic paid the ransom, the attackers threatened patients of the clinic with releasing their therapy session notes unless they too paid up.

Meanwhile in February, the REvil ransomware gang started adding distributed-denial-of-service (DDoS) attacks and threatening phone calls aimed at their victims’ business associates — and even calls to journalists to ratchet up the pressure to pay.

“Third-party victims, such as company clients, external colleagues and service providers, are heavily influenced and damaged by data breaches caused by these ransomware attacks, even if their network resources are not targeted directly,” Check Point said. “Whether further ransom is demanded from them or not, they are powerless in the face of such a threat, and have a lot to lose should the incident take a wrong turn. Such victims are a natural target for extortion and might be on the ransomware groups’ radar from now on.”

Double-extortion is a common pressure tactic used by ransomware groups where they encrypt a victim’s data but add even more pressure to pay up with threats to publish sensitive data and make it available to the public.

What Are the Top Ransomware Targets?

Healthcare organizations are the most likely to be attacked by ransomware groups; globally, the sector is on the receiving end of an average of 109 attempts every week, followed by utilities and the legal and insurance sectors, according to Check Point’s report.

Regionally, organizations in Asia-Pacific get the most attacks, hit an average of about 51 times per week, according to Check Point, but Africa is seeing the biggest increase in the number of attacks, which are up 14 percent just since the start of 2021.

However, there’s no country or organization immune to the dangers of a ransomware attack.

The Colonial Pipeline, which delivers fuel from Texas to the East Coast of the U.S., infamously suffered a recent ransomware attack and was shut down for days, causing shortages. It is still having problems coming back online, even after paying $5 million in ransom hours after the attack.

The Dutch suffered a brief Easter-weekend cheese shortage last month following a ransomware attack on a logistics firm for one of the country’s largest grocery store chains. And the Babuk ransomware gang has started leaking information on the D.C. police department following a late April breach.

To fend off the next ransomware gang attack, Check Point advises organizations not to drop their cybersecurity guard off-hours.

“Most ransomware attacks over the past year took place over weekends and holidays when people are less likely to be watching,” the report said.

Other recommendations from Check Point to ward off ransomware include patching, training to help users spot spear-phishing emails, text messages and voicemails, and constant monitoring for infections related to Trickbot, Emotet, Dridex and Cobalt Strike, “…as they open the door for Ryuk or other ransomware infections to infiltrate organizations.”
