What is “Exponential Ransomware?”

As we head into the holiday season and turn our thoughts to the start of a new year, it’s a good time to think about some of the new waves of cyber threats looming on the horizon.

If there’s anything that 2022 has taught us, cybercriminals are growing more aggressive, and their monetization strategies are becoming more diversified. The increasing prevalence of multi-level ransomware attacks is of specific concern to all of us as we think about how best to protect ourselves. Ransomware has evolved from straightforward data encryption to complex double and triple extortion schemes.

Steady Diversification 

Let’s take a look at how these attacks work:

Traditionally, ransomware schemes follow the following formula –  a hacker infiltrates a network, seizes data, and renders it inaccessible until the target organization pays the ransom. 

In double extortion attacks, hackers encrypt AND exfiltrate an organization’s data.

According to Help Net Security, this evolution, referred to as Ransomware 2.0, was a significant development in 2020. Only one ransomware group was observed using this type of extortion in 2019. But, by the end of 2020, 15 different ransomware families had adopted this approach.

The latest trend, triple extortion, reared its ugly head in late 2020. Triple extortion schemes are even more nefarious, as hackers demand payments from their primary target and other entities or stakeholders that a data leak might impact. These victims might include clients, partners, suppliers, or even patients if the target organization is a healthcare provider.

 

Stooping to New Lows

The attack on Finnish psychotherapy provider, Vastaamo provides a shocking example of the devastating nature of such attacks. After compromising Vastaamo’s network and stealing sensitive medical records, hackers started emailing over 40,000 patients whose data was stolen. They threatened to leak victims’ mental health records onto the internet unless they provided bitcoin payments. Some of the people whose data was stolen were underage.

Just a few months ago, LockBitSupp, LockBit's public face, claimed that the gang is incorporating the use DDoS, encryption, and public leak threats as part of its broader triple extortion tactics. The gang believes that the triple extortion approach will prevent targets from refusing to pay. LockBitSupp also wrote in a post on a hacker forum that he’s looking for dudosers (DDoSers) to join the team. 

Don’t Let Exponential Ransomware Cost You

Be it double or triple extortion ransomware, financial extortion is here to stay and represents a threat every organization should focus on defending against.

Governments expect ransomware attacks to cost more than $265 billion by 2031.

Every dollar invested now to prepare is a fraction of the cost of paying ransoms, incident response, or the public relations and/or privacy losses that could be. Need more information? Please feel free to reach out for consult with one of our Virtual CISOs. There’s no charge for a first conversation, and with the holidays coming on, and the already increased volume of holiday scams, this conversation might be the best one you have today.