Many different industries have been targeted over the past two years by double-extortion ransomware attacks, according to a new study published by Zscaler ThreatLabz. The Zscaler ThreatLabz embedded research team analyzed over 150 billion platform transactions and 36.5 billion blocked attacks between November 2019 and January 2021 to identify emerging ransomware variants, their origins, and how to stop them.
Over the last few years, the ransomware threat has become increasingly dangerous, stated Zscaler, with new methods like double extortion and DDoS attacks making it easy for cybercriminals to sabotage organizations and do long-term damage to their reputation.
In late 2019, Zscaler ThreatLabz noticed a growing preference for ‘double-extortion’ attacks in some of the more active and impactful ransomware families. These attacks are defined by a combination of unwanted encryption of sensitive data by malicious actors and exfiltration of the most consequential files to hold for ransom.
Affected organizations, even if they are able to recover the data from backups, are then threatened with public exposure of their stolen data by criminal groups demanding ransom. In late 2020, the ThreatLabz team noticed that this tactic was further augmented with synchronized DDoS attacks, overloading victims’ websites and putting additional pressure on organizations to cooperate.
‘Use Zero Trust Architecture’
“Our team expects ransomware attacks to become increasingly targeted in nature where the cybercriminals hit organizations with a higher likelihood of ransom payout,” said Deepen Desai, CISO and VP of Security Research at Zscaler. “We analyzed recent ransomware attacks where cybercriminals had the knowledge of things like the victim’s cyber insurance coverage as well as critical supply-chain vendors bringing them in the crosshairs of these attacks. As such, it is critical for businesses to better understand the risk ransomware represents and take proper precautions to avoid an attack. Always patch vulnerabilities, educate employees on spotting suspicious emails, back up data regularly, implement data loss prevention strategy, and use zero trust architecture to minimize the attack surface and prevent lateral movement.”
Zscaler’s research supports the narrative recently established by the U.S. federal government, which classifies ransomware as a national security threat, underscoring the need to prioritize mitigation and contingency measures when protecting against these ongoing threats.
According to the World Economic Forum 2020 Global Risk Report, ransomware was the third most common and second most damaging type of malware attack recorded in 2020. With payouts averaging $1.45 million per incident, it’s not difficult to see why cybercriminals are increasingly flocking to this new style of high-tech extortion. As the rewards that result from this type of crime increase, risks to government entities, company bottom lines, reputation, data integrity, customer confidence, and business continuity also grow.
Many different industries have been targeted over the past two years by these double-extortion ransomware attacks. The most targeted industries include the following:
- Manufacturing (12.7%)
- Services (8.9%)
- Transportation (8.8%)
- Retail & wholesale (8.3%)
- Technology (8%)