Don't Negotiate. Mitigate.
Cyber extortion is on the rise. Lured by easy and lucrative financial gain, cybercriminals have become more persistent and sophisticated. New strains of ransomware, ransomware-as-a-service, and affiliated business models have helped turn cyber extortion into a full-fledged underground economy. To increase the pressure on victims and the odds of a successful payday, bad actors are executing triple extortion consisting of:
Cyber extortionists prey upon organizations that have less mature security teams and inadequate cybersecurity solutions, and that are both motivated and able to pay extortion demands. Fundamental protections should be in place so that you can avoid cyber extortion, or be prepared when threatened with it.
- Avoid a Network Breach – In most cases, a ransomware attack is preceded by a network breach of some sort. After the network is breached, command and control is established, additional malware is dropped, lateral movement occurs, and ultimately the ransomware is downloaded and executed. Best practices include educating users on proper cybersecurity hygiene and employing network and endpoint protection solutions that detect malware, anomalous activity, or Indicators of Compromise (IoCs).
- Remove Vulnerabilities and Back Up Data – As much as possible, stay abreast of exploits, run vulnerability assessments, and patch and update computer systems accordingly to avoid compromise. Back up valuable data and test data restoration plans.
- Continuous Threat Intelligence – Cybercriminals are constantly changing their Tactics, Techniques, and Procedures (TTPs). Stay abreast of the latest threat intelligence to help detect, investigate, or proactively hunt for the signs of compromise that precede a ransomware attack.
- Proper DDoS Protection – The three main types of DDoS attacks are volumetric, state exhaustion, and application layer. Because DDoS attacks are increasing in size, frequency, and complexity, best practice in DDoS mitigation is a hybrid, intelligent combination of cloud-based and on-premises mitigation.
Learn about the Lazarus Bear Armada DDoS extortion campaign, from attacker behavior and extortion demands to the actions recommended by our security team.
What is Cyber Extortion?
Cyber extortion occurs when bad actors demand payment in exchange for forestalling or ending a threat to an online business or entity. This malicious activity often takes the form of a data or network compromise, data encryption, or a distributed denial of service (DDoS) attack, any of which disrupts or completely curtails an organization’s ability to conduct business as usual (BAU).
The three most common forms of cyber extortion attack involve:
- Data Encryption – In this type of attack, cybercriminals use ransomware to encrypt their target's data and demand payment in return for the decryption key needed to unlock and access the data.
- Threat of Exposure – Here, cybercriminals infiltrate an organization’s systems and databases, accessing private information, then threaten to release it publicly if the ransom is not paid.
- DDoS Attack – This type of attack typically starts with a small DDoS attack to demonstrate the bad actor’s ability to wreak greater havoc in the future if a payment is not made.
To increase the payout and put more pressure on their victims, cyber extortionists employ all three methods simultaneously – a tactic known as Triple Extortion.
Cyber extortionists generally target organizations that have deep pockets and inadequate cybersecurity solutions in place. With the advent of ransomware gangs offering ransomware-as-a-service, it is easier than ever for even the least sophisticated cybercriminals to launch a serious and potentially damaging cyber extortion attack.
Ransomware Plus DDoS = Triple Extortion
In this interview, NETSCOUT explains how cybercriminals are combining ransomware and DDoS attacks and how organizations can defend and mitigate the impact.
Triple-Extortion Tactics on the Rise for Ransomware Gangs
Cybercriminals have hit the ransomware trifecta by melding file encryption, data theft, and DDoS attacks.
What Is a DDoS Extortion Attack?
Also known as ransom DDoS (RDDoS) attacks, DDoS extortion attacks occur when cybercriminals threaten individuals or organizations with a DDoS incursion unless an extortion demand is paid. These demands call for payment in cryptocurrency so that the payment cannot easily be traced by law enforcement authorities.
NETSCOUT Threat Intelligence Report 2H 2020
The latest NETSCOUT Threat Intelligence Report shows the COVID-19 pandemic drove unprecedented DDoS attack activity in 2020 as adversaries targeted critical online services and remote-work access came under fire. Meanwhile, a global DDoS extortion campaign affected thousands of companies and drove a significant increase in DDoS extortion attacks.