Back

Three steps to hell – ransomware’s ‘triple extortion’ threat


Insurer Global Corporate & Specialty (AGCS) recently described ransomware as a “pandemic” that is spreading rapidly around the world that is being driven by three factors

  • the emergence of ready-made and very affordable (as little as US$40 a month) ransomware-as-a-service (RaaS), offered by groups such as REvil and Darkside – it even comes with support!
  • the evolution of extortion tactics, where hackers encrypt data, extract it, compromise it, and then use it as additional leverage in a negotiation
  • additional distributed denial-of-service (DDoS) attacks – if victims refuse to negotiate with hackers and pay a ransom, the bad actors will launch a separate DDoS attack which will cause business interruption by disrupting the corporate network by overwhelming it with a flood of Internet traffic

“Obviously, the first attack is to infect the systems, infect the network with ransomware and then encrypt, so that there’s no access or lack of access into the systems. That’s the first layer [single extortion]. The second layer is really related to the compromise of data so that there’s now exfiltration. Traditionally, you always had consumer data, sensitive information that was compromised, and that would be a data breach. But now there’s encryption, and then on top of that a data breach – either because it’s sensitive personal information or because it’s corporate confidential information.

“That really has two consequences for insurance carriers. One is that now there’s an incident response [required] from a traditional data breach, and related costs associated with that. The second impact is that bad actors are now able to use that sensitive information to increase leverage on their side and to drive up the cost of the ransom. That’s the double extortion. And I think those two mechanisms are almost standard operating procedure at this point. Any time there is a ransomware event, you always have to check whether any information has been compromised.”

Thomas Kang, Head of Cyber, Technology and Media for North America, AGCS

Another development has seen the hackers contact senior management within the organisations they have targeted in order to negotiate directly, even recording the conversations to use as another lever to use.

This is an evolving landscape and not one that any company or individual has a proper handle on. The problem is both global and local and completely industry agnostic. We’re all in this together and we need to share information on how to best fight it.

Source: Insurance Business

Informed Sauce is hosting an Infinidat-sponsored event in London on 2 December about protecting businesses from cyber crime.

Short talks from the Metropolitan Police, a military-trained cyber threat expert and sponsor Infinidat’s EMEA Field CTO will be followed by a panel-led, room-wide moderated discussion, with plenty of opportunities for you to contribute your thoughts and ask questions.

Visit the event microsite for more details and to sign up.



RELATED INSIGHTS