Businesses Should Urgently Reduce The Risk of Extortion Ransomware

A leading cybersecurity expert has warned that businesses need to take urgent steps to reduce the growing number of double extortion ransomware attacks.

Leigham Martin, the group Head of Infrastructure and Security at Doncaster tech firm Connectus Group, said evidence pointed towards the fact that rising numbers of ransomware actors are turning to the method.

He told us: “The simple fact of the matter is that businesses and industries are getting better at protecting themselves and system vendors are also getting better at adopting the secure-first model. This, in turn, has forced cyber criminals to adapt their techniques to avoid detection and maximise profit. For ransomware actors the game has now changed; the traditional ransomware campaigns of the infamous WannaCry and NotPetya are less effective now because organisations are getting better at securing themselves.

“With today’s double extortion ransomware campaigns, rather than encrypting files and deleting them without payment (from which companies can recover using backups), cyber criminals are instead turning to exfiltrating company data first. This means that if the victim company refuses to pay then the cyber criminals will leak the data online or sell it to the highest bidder. This opens a whole new world of damages to the victim company, including receiving fines from the Information Commissioner’s Office for the associated data breaches.”

Commenting on the risk this poses to businesses, he added: “Double extortion ransomware allows cyber criminals to not just demand ransom for encrypted data but also allows them to continue the attack by threatening to release the data into the public domain should the ransom not be paid. Even if the ransom is paid, how can a business ever know for sure that the data that’s been stolen has properly been deleted from the attacker’s side after the ransom has been met? They can’t.

“Double extortion ransomware criminals threaten to publicly ‘name and shame’ the business if they don’t pay up and this, sadly, seems to be a growing tactic within the cybercriminal underworld. Criminals will leak the company data because of non-payment, which then allows other cyber criminals to use any sensitive information that has been leaked to gain further access into a company’s infrastructure, commit fraud or attempt further breaches.

“The threat to businesses from double extortion ransomware is rapidly growing and the fallout from all of this is hugely damaging to a business’s reputation, to its infrastructure and to its ability to operate. In some cases, there are businesses that have had to cease trading because they have been unable to overcome the damage that has been done from a ransomware attack leaving their employees without jobs.”

Leigham said there were a number of steps firms could take in this area to bolster their defences.

He suggested: “Over the next couple of years double extortion ransomware is expected to grow even more. Therefore, to prevent businesses from being a victim to double extortion ransomware, it’s important that businesses take the initiative in securing their assets and by having fundamental protection mechanisms in place. By doing so you can reduce the risk of double extortion ransomware to your business substantially. It is the responsibility of any responsible business to have a plan in place should they ever be affected by a cyber-attack; most businesses don’t have a plan and are then ultimately unable to recover from an attack. Some even end up going into administration because they haven’t been able to deal with the impact that a cyber-attack has had on the business.

“Utilising technology such as two-factor authentication and ensuring that devices are patched and up to date can help to mitigate risks and lower exposure; conducting regular vulnerability assessments and penetration testing can help organisations manage their risk exposure as well as remediation plans.

“Centrally managing devices, regular backups, enforcing multi-factor authentication, VPNs, patch management, mail filtering, firewalling and endpoint security are all efficient ways of protecting an organisation from potential malware and ransomware attacks without breaking the bank.”