The Dangers of Double and Triple Extortion in Ransomware>
Artic Wolf Blog – Sule Tatar
Ransomware attacks are evolving with threat actors adopting new tactics like double and triple extortion to increase pressure on victims to pay ransoms
Double extortion involves exfiltrating data before encrypting it, then threatening to publicly release the stolen data if the ransom is not paid
Triple extortion adds another layer like contacting individual victims whose data was compromised, encrypting more systems, or threatening secondary attacks like DDoS
The University of Manchester fell victim to triple extortion in 2023 when hackers contacted students after exfiltrating PII data
Data exfiltration provides leverage by allowing threats of reputational damage, regulatory issues, or enabling secondary attacks using stolen credentials/data
Double extortion is becoming standard, with some ransomware groups launching their own leak sites to release stolen data
To protect against these evolving tactics, organizations should regularly backup data, utilize 24/7 monitoring and incident response, implement identity/access management controls, and maintain a vulnerability management program
Having backups, monitoring for suspicious activity, protecting identities, and patching vulnerabilities can prevent initial access and limit the leverage threat actors gain through data exfiltration.
Link: https://arcticwolf.com/resources/blog/dangers-of-double-and-triple-extortion