What is “Double-Extortion Ransomware”?

Ransomware a “business”???  Yes, unfortunately. Criminal activity and extortion of businesses continues to escalate, and it has become not just any business, but a highly lucrative and booming one.  Just like any other “business”, cybercriminals are on their game when it comes to strategic planning and expansion, always identifying new profit opportunities.

The most recent strategy is known as Double-Extortion Ransomware: cybercriminals double dip on their crime and extortion by not just encrypting files and demanding that a business pay a hefty ransom. Instead, they exfiltrate the data first, so they can also profit by threatening to leak the data online OR sell it to the highest bidder.  A recent article on Threat Post, which reviews findings from Group-IB’s Hi-Tech Crime Trends Report 2021/2022, confirms a 935% spike in the number of organizations that have had their data stolen and exposed on a data leak site (DLS).  The same report identifies Phishing Scam Affiliate Groups as accounting for more than 70 new programs that have popped up in the last year and are responsible for about $10M in scamming money over the past year.

What can you do to fight cyber-crime?  With the increase in technology tools and sophistication used by cybercriminals, it’s easy for business leaders to feel a sense of “helplessness”; however, user education and awareness is a cybercriminal’s worst enemy.  Make sure that you are taking time to talk to your team about keeping a heightened sense of awareness in their everyday use of your company’s technology resources and, of course, their personal ones.  Encourage them to always ASK before taking action if anything seems “odd” or “off”. Even if it turns out to be nothing, they should trust their instincts and feel better about the actions that they’re taking.

Here are some trending scams to keep an eye out for this month:

  • Florida Attorney General Ashley Moody is warning Floridians of a new scam making its way across Florida.  Scammers are contacting Florida residents and claiming that the resident missed jury duty and must pay a fine immediately or they may be arrested and forced to pay larger fines.  Some tips to keep in mind:
    • Know that jury duty summons will come by mail and a resident will not be contacted by phone or email.
    • Whenever unsure, contact your local court clerk’s office to verify if there is a valid jury duty issue.
    • Never give personal or financial information over the phone.
    • Be wary even if the caller ID shows a local number: criminals use a tactic called “spoofing” to make a phone call look like it’s coming from a real source.
  • Tax Refund / IRS Scams: mostly initiated via phone call or text message
  • Mailbox Storage / System Maintenance Phishing: an email comes from what “appears to be” a business’s IT department and asks the recipient to click on a link to adjust their mailbox storage settings or update their password information.
    • ALWAYS VERIFY before taking action