The Threat of Triple Cyber Extortion is Real

Cyber extortionists prey upon organizations with less mature security teams, inadequate cybersecurity solutions, and are motivated and capable of paying their extortion demands. Fundamental protections should be in place so you can avoid or be prepared when threatened with cyber extortion.

1. Avoid a network breach – In most cases, a ransomware attack is preceded by a network breach of some sort. After the network is breached, command and control is established, additional malware is dropped, lateral movement occurs, and ultimately, the ransomware is downloaded and executed. Best practices include educating users on proper cybersecurity hygiene, employing network and endpoint cybersecurity protection solutions to detect malware, anomalous activity, or Indicators of Compromise (IoCs).
    
2. Remove Vulnerabilities and Backup Data – As much as possible, stay abreast of exploits, run vulnerability assessments, patch, and update computer systems accordingly to avoid compromise. Back up valuable data and test data restoration plans.
    
3. Continuous Threat Intelligence – Cybercriminals are constantly changing their Techniques, Tactics, and Procedures (TTPs). Stay abreast of the latest threat intelligence to help detect, investigate, or proactively hunt for signs of compromise that precede a ransomware attack.
    
4. Proper DDoS Protection – The three main types of DDoS attacks are volumetric, state exhaustion, and application layer. Best practices in DDoS mitigation include a hybrid, intelligent combination of cloud-based and on-premises DDoS mitigation as DDoS attacks are increasing in size, frequency, and complexity.

Learn about the Lazarus Bear Armada DDoS extortion campaign from the attacker behavior to the extortion demands and recommended actions from our security team. Read the blog

Cyber extortion is when bad actors demand payment in exchange for forestalling or ending a threat to an online business or entity. This malicious activity often comes in the form of a data/network compromise, data encryption or distributed denial of service (DDoS) attack, which disrupts or completely curtails an organization’s ability to conduct business-as-usual (BAU).

The three most common forms of cyber extortion attack involve:

• Data Encryption – In this type of attack cybercriminals will use ransomware to encrypt their target's data and demand payment in return for the decryption key needed to unlock and access the purloined data.
• Threat of Exposure – Here, cybercriminals infiltrate an organization’s systems and databases, accessing private information, then threaten to release it publicly if the ransom is not paid.
• DDoS Attack – This type of attack typically starts with a small DDoS attack to demonstrate the bad actor’s ability to wreak greater havoc in the future if a payment is not made. 

In order to increase payday and put more pressure on their victims, Cyber extortionists employ all three methods simultaneously – a tactic known as Triple Extortion.

Cyber extortionists generally target organizations with deep pockets and who have inadequate cybersecurity solutions in place. With the advent of ransomware gangs offering ransomware-as-a-service, it is easier than ever for even the least sophisticated cybercriminals to launch a serious and potentially damaging cyber extortion attack.