What is triple extortion ransomware?
It’s no secret that online threats from cybercriminals are on the rise. The number of ransomware attacks more than doubled in the first half of 2021 compared to 2020, according to a recent report by Check Point. This rapid increase has also resulted in a 171% surge in ransomware payments, which now average a staggering £270,000.
One of the reasons for this rapid increase is a new type of cyber attack: triple extortion ransomware. But what is triple extortion ransomware, and what can companies do to protect themselves against it?
Triple extortion ransomware
In this new type of ransomware attack, rather than just targeting the company itself, cybercriminals also demand ransoms from the company’s customers, partners and any other third parties linked to the business. This enables them to extract the maximum amount of cash each time they successfully hack a company.
It works by combining these three types of cyberattacks:
- File encryption – As with a traditional ransomware attack, once the cybercriminals have infiltrated a system, they will encrypt all valuable data, making it, and sometimes the whole system, unavailable to the company. The hackers will then demand a ransom in return for the decryption key.
- Data theft – In this instance, cybercriminals will extract the data before encrypting it. They can then threaten to expose this data unless the ransom is paid. This is the second level of extortion which is much harder for the company and victims to ignore. Even if the company has backed up all of its important information, the risk of a data breach and exposure is unavoidable.
- DDoS attacks – DDoS is usually used as a standalone extortion method; however, DDoS attacks are now being used in conjunction with other attacks. This creates an even worse situation for the victim and the company, as it highlights the seriousness of the adversary and adds stress for the security team trying to respond to the first two attacks.
By combining these three types of attacks and targeting third parties and customers linked to companies, cybercriminals have found the sweet spot that ensures they will make considerably more money. By increasing the pressure and number of attacks within one move, cybercriminals have a much higher likelihood of a payoff.
When did it start?
The first case of triple extortion ransomware was recorded in Finland in 2020 at a psychotherapy clinic. During the attack, hackers infiltrated the system, gaining access to thousands of the clinic’s patient records. The clinic quickly paid the ransom being asked; however, it was later discovered that the hackers were also attacking the patients whose data had been stolen. The cybercriminals were demanding that the patients pay around 240 euros each within 24 hours, or they would leak their personal and private information.
When it comes to company customers, clients, patients and third parties, they have a lot to lose and almost no power over their data. Unfortunately, triple extortion ransomware usually takes advantage of the most vulnerable victims, as they are easier to exploit and have little legal or technical support to fight back.
Due to the seriousness of this breach and the significant financial damage caused to the clinic, it was sadly forced to declare bankruptcy and shut down.
Who is most at risk?
When it comes to triple extortion ransomware, some sectors are more at risk than others. Commonly, hackers will target the healthcare sector, followed by power and utility companies and the legal and insurance industries. Basically, any company that holds large amounts of its customers’ personal data is at risk. These attacks will also usually occur out of hours or during the holidays, when staff may not be as vigilant as usual.
How to prevent triple extortion ransomware
It’s hard to keep cyberattacks at bay, but there are a few company practices you can follow which will lower the risk of falling victim to triple extortion ransomware.
- Do not drop your cybersecurity guard out of hours, during weekends or over holidays.
- Train your staff to spot cyber attacks like malware, phishing, spear phishing and other threats.
- Constantly monitor for infections linked to Trickbot, Dridex, Cobalt Strike and Emotet, as they will make you vulnerable to Ryuk and other ransomware attacks.
- Ensure you keep patches up to date. Cybercriminals will look for outdated patches as a way to infiltrate your systems.
- Use anti-ransomware tools that monitor programs on your systems and spot suspicious or malicious behaviour.
- Back up all of your valuable data and make sure you test the data restore plans that you have in place.
- Run threat intelligence to stay up to date with new threats and how to prevent them.
- Employ proper DDoS protection by using a hybrid, intelligent combination of cloud-based and on-premises DDoS mitigation.
Finally, companies should also look to deploy specialised cybersecurity solutions that can help prevent and protect against all facets of a triple extortion attack. Unsure what this is? We can help.
E2E Technologies
Here at E2E Technologies, we offer a bespoke cybersecurity service which makes use of several cybersecurity measures simultaneously to ensure that your business is protected on every level.
From regular website and data backups to disaster recovery plans that keep you insured in even the worst case scenarios, we can tailor our IT support packages to your individual needs.
Get in touch with our friendly team of experts today and find out how our cyber security service can give you peace of mind and protect your business from malicious online threats.