Triple extortion ransomware cyber-threatens companies
- S2 Grupo has explained that the objective of this new type of cyber-attack is not only the money of the compromised company, but also extortion of third parties that may be affected by the disclosure of the extracted data.
- As technologies and attack strategies adapt and transform, modern incidents can turn into a ransomware chain that need not end, with an increasing number of victims being harmed.
Valencia, April 20, 2023. The Valencian company S2 Grupo, which specializes in cybersecurity and critical systems management, has explained that triple extortion ransomware is one of the main cyber threats for companies and entities of all types in 2023.
Ransomware is a type of attack in which a cybercriminal infiltrates a corporate network to encrypt the data on it and prevent its use. The attacker then extorts money (usually in cryptocurrency) from the victim in exchange for the decryption key.
"The problem that arises is that as organizations have begun to implement backup systems for their important data, hackers have become increasingly creative and have added new and sophisticated features to their cyberattacks," said José Rosell, managing partner of S2 Grupo.
In 2019, the double extortion ransomware attack was born when cybercriminals such as DoppelPaymer or Maze found a second way to persuade victims to pay the ransom for their data even when the victims had backup copies of their systems. It consisted of the attackers making a copy of the data so that they could use it in negotiations: if the victim refuses to pay the ransom, the confidential data stolen from the network is made public or sold on the black market.
"The double extortion ransomware rendered the backup server useless because cybercriminals have access to sensitive information, and even if an organization can restore its network, the main problem is that the data is made public," explained Miguel A. Juan, managing partner at S2 Grupo.
"In recent years, cybercriminals have reinvented themselves again. A new method of harm has emerged, which is triple extortion ransomware. This type of attack is based not only on seeking money from the compromised company, but also on extorting money from third parties that may be affected by the disclosure of the extracted data or continuing to pressure the damaged company to pay," said José Rosell.
"The first triple extortion ransomware took place in October 2020 when the Finnish psychotherapy clinic Vastaamo suffered a cyberattack on its servers and cybercriminals extorted its clients by threatening them with the disclosure of information on their therapy sessions," Miguel A. Juan continued.
The problem with this type of ransomware is that it not only adds a new layer, persuading third parties, to achieve its goal, but also lets cybercriminals continue to attack the same organization. For example, if a company has successfully recovered its data from backups and is not open to negotiating, attackers can launch a distributed denial-of-service attack to exert more pressure.
Experts at S2 Grupo have concluded that triple extortion ransomware is an extension of the double extortion attack that adds a further pressure point to get the victim to pay up. In addition to data encryption (the first layer) and the threat of important data leakage (the second layer), the cybercriminal can add another tactic of their choice (the third layer). The third point of extortion can be any kind of technique that ends up getting the compromised company or a third party to pay for the data.
Thus, as technologies and attack strategies adapt and transform, modern incidents can turn into a ransomware chain that need not end, with more and more victims being extorted.