Here’s a great post from our blog by Roger Grimes our Data-Driven Evangelist explaining the various ways ransomware has gone way beyond simple extortion and data encryption.
I keep seeing a new ransomware term, “double extortion” being discussed. It is the hot, new buzzword surrounding ransomware. This term attempts to summarize how ransomware is no longer just encrypting data and how ransomware gangs are more commonly using data exfiltration and the threat of releasing that data to hackers or the public to get paid. An example of a common use for this term is, “A good backup will no longer save you because of double extortion!”
That is true. But it is really worse than that. If only it was double extortion.
Starting in late 2019, the first ransomware gangs started to use data exfiltration as a tactic. They got paid more money more often. Other ransomware gangs noticed and by the end of 2019, 10-15% of ransomware attacks involved data exfiltration. By the end of 2020, that number was over 70%. Now, halfway through 2021, it is over 80%. This means that if you get hit by ransomware, odds are your company will also have a data exfiltration issue to deal with.
But that is not all they do now. Besides stealing data, cyber criminals are stealing company, employee and customer passwords. It used to be that if they stole passwords, they only stole them to help infect more machines in the same network. Not anymore. Now, their primary goal for stealing passwords is to cause more damage and to do more extortion.
Read the rest here!