Multi-Extortion Ransomware Attacks Require New Security Tactics

A robust backup plan has always been considered your best defense from ransomware by ensuring data can be reliably accessed in the event of an attack that encrypts your files. That is no longer an adequate strategy.

Today’s ransomware attacks use a variety of tactics designed to neutralize your data protection strategies. In addition to locking down your production files, the latest ransomware strains may encrypt your backup environment. There’s also a marked increase in double- and triple-extortion techniques designed to coerce victims to pay even if their data is backed up and fully protected.

Applying Pressure

Attackers use double-extortion attacks to increase their chances of getting paid. They exfiltrate sensitive information from a victim’s systems before encrypting it. They can then exert extra pressure on victims by threatening to expose or sell the stolen information unless the ransom is paid.

For good measure, attackers sometimes add a third extortion element, usually a distributed denial-of-service (DDoS) attack. In addition to encrypting and stealing data, attackers also threaten to flood the victim’s systems with an overwhelming amount of network traffic.

In other cases, attackers use harassment tactics to exert additional pressure on victims. They may send intimidating emails, messages or make threatening phone calls to executives or other employees. In some instances, they will impersonate law enforcement or regulatory officials to create a sense of authority and urgency.

Worse, criminal gangs make it easy to launch multi-extortion attacks by offering them as part of their ransomware-as-a-service (RaaS) offerings. Automated ransomware delivery kits are available on the dark web for only about $200. Subscription-based RaaS exploits only cost about $50 a month. At that price point, even threat actors with limited skills can cash in on the ransomware economy.

Fighting Back

Regularly backing up critical data to offline or offsite locations remains an important element of ransomware defense. However, defending against these additional extortion tactics requires a multilayered approach combining various security products and preventive measures. Here are three key technologies that can enhance your security:

1. Zero Trust. Zero trust assumes everyone and everything accessing network resources is a threat until their identity has been verified and validated. It also enforces the principle of least privilege — once verified, users are granted only the minimum amount of access necessary to perform their job functions. Network segmentation features within a zero-trust architecture also limit the spread of ransomware by dividing the network into small, isolated segments. Segmentation also helps contain DDoS attacks and reduces their overall impact.
2. Data Loss Prevention. DLP solutions use artificial intelligence and advanced content analysis to help prevent data exfiltration. They monitor user devices, email clients, file-sharing services, network gateways and other network entry and exit points, alerting administrators if data is shared or transferred in violation of company policies. This helps prevent confidential information such as financial data, trade secrets, credit card numbers, tax documents and medical records from leaving the organization.
3. DDoS Protection. Cloud-based DDoS services enforce security policies for all inbound traffic across your data center and hybrid cloud environments. All traffic is redirected through a scrubbing center before delivery, ensuring that DDoS attacks are identified and interrupted before they reach your systems. Some proxy-based services can also mask your Internet-facing applications, essentially hiding the attack surface from hackers.

Technologent can help you implement these and other solutions that improve your ability to withstand evolving ransomware threats. Through our Rapid Ransomware Response program, we harness the tools and expertise necessary to detect attacks quickly and respond decisively to limit disruptions. Contact us to learn more.