The Threat of Quadruple Extortion
Ransomware is making headlines yet again with “quadruple extortion”. As regular readers know by now, ransomware has become hackers’ preferred mode of attack. Just in case you don’t know by now, ransomware is malicious software that encrypts files and holds them hostage until the victim, usually a business of some kind, pays a ransom to release them.
This form of extortion has clearly been successful, since ransomware attacks have rapidly evolved over the years. First, hackers were no longer content to just encrypt data; they also threatened to leak it onto the dark web to “encourage” payment.
This form of double extortion apparently wasn’t enough, because hackers are making ransomware even more painful. Early 2021 saw the first cases of quadruple extortion. Hackers have doubled down on ransomware, so to speak, by threatening victims with four different punishments for refusal to pay, likely in an attempt to make ransomware attacks more impactful on a wider variety of businesses.
So what exactly are the four prongs of a quadruple-extortion ransomware attack?
1. Files are encrypted
Failure to pay means your files remain locked. This was the original punishment for non-payment.
2. Data is stolen/leaked
In addition to files being encrypted, the attacker also downloads some (or all) of your data and adds a threat to release or sell the data, likely on the dark web.
3. Denial of Service attack
One of the new grim twists on a ransomware attack is the inclusion of a Denial of Service attack. The ransomware has already made it into your network, so hackers can easily disrupt services like payment processors, websites, email, and more, until you pay up. This can be particularly grim for businesses that offer online portals for clients to access the application and data.
4. Harassment and/or threats
Prong four is new to the ransomware landscape but not to criminals in general, and it’s the simple tactic of threatening people. Hackers will hunt through the data they’ve stolen to find contact information and threaten to start harassing clients, colleagues, vendors or anyone else they can reach.
Currently the typical ransomware attack involves only the first and second forms of extortion, but the truth is a lot of companies consider those threats to be little more than an annoyance. Shutting down important services, on the other hand, greatly increases the likelihood of being paid as it can quickly impact the bottom line. Add to this the threat of clients getting harassed by criminals and it’s not hard to understand why businesses might be willing to pay.
Thankfully these attacks haven’t been widely adopted yet, but that’s about all the good news there is. Bad actors are always looking for ways to make their attacks more effective so it was only a matter of time before the double-extortion approach was “improved”. You can bet hacker groups not involved yet at this level are closely watching the effectiveness of this new approach.
Ransomware has always been a serious problem, but it’s important to remember that it’s not a static threat and is always changing and adapting. That’s why this week’s Shakespeare quote comes from Henry IV, Part 2: “Presume not that I am the thing I was.”
If you have any questions about ransomware defense, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind, Courtesy of Your Friendly Neighbourhood Cyber-Man.