What is Cyber Triple Extortion?
Cyber extortion is on the rise. Lured by easy and lucrative financial gain, cybercriminals have become more persistent and sophisticated. New strains of ransomware, ransomware-as-a-service, and affiliated business models have helped turn cyber extortion into a legitimate underground economy. In an attempt to turn up the pressure and odds of a successful payday, bad actors are executing triple extortion consisting of the following threats below.
NETSCOUT experts explain how cybercriminals are combining ransomware and DDoS attacks and how organizations can defend and mitigate the impact.
Encryption of Data
The most traditional method, using ransomware, cybercriminals will encrypt their victim's data and demand payment in return for the decryption key.
Public Exposure of Stolen Data
Before encrypting their victim's data, the cybercriminal has already successfully exfiltrated this data and threatens to expose it publicly unless paid.
Usually, after a demonstration DDoS attack, the cybercriminal will threaten to launch a larger, more complex DDoS attack in the future unless paid.
ASERT Threat Summary
Protect Yourself from Cyber Extortion
Cyber extortionists prey upon organizations with less mature security teams, inadequate cybersecurity solutions, and are motivated and capable of paying their extortion demands. Fundamental protections should be in place so you can avoid or be prepared when threatened with cyber extortion.
- Avoid a network breach – In most cases, a ransomware attack is preceded by a network breach of some sort. After the network is breached, command and control is established, additional malware is dropped, lateral movement occurs, and ultimately, the ransomware is downloaded and executed. Best practices include educating users on proper cybersecurity hygiene, employing network and endpoint cybersecurity protection solutions to detect malware, anomalous activity, or Indicators of Compromise (IoCs).
- Remove Vulnerabilities and Backup Data – As much as possible, stay abreast of exploits, run vulnerability assessments, patch, and update computer systems accordingly to avoid compromise. Back up valuable data and test data restoration plans.
- Continuous Threat Intelligence – Cybercriminals are constantly changing their Techniques, Tactics, and Procedures (TTPs). Stay abreast of the latest threat intelligence to help detect, investigate, or proactively hunt for signs of compromise that precede a ransomware attack.
- Proper DDoS Protection – The three main types of DDoS attacks are volumetric, state exhaustion, and application layer. Best practices in DDoS mitigation include a hybrid, intelligent combination of cloud-based and on-premises DDoS mitigation as DDoS attacks are increasing in size, frequency, and complexity.
NETSCOUT DDoS Threat Intelligence Report 2H 2022
The rising tide of DDoS attacks threaten organizations worldwide that deliver critical access and services. This tide brings new threats, evolving tactics, and a doubling-down on adversary methodologies to launch hybrid application-layer and botnet-based direct-path DDoS attacks.
Triple-Extortion Tactics on the Rise for Ransomware Gangs
Cybercriminals have hit the ransomware trifecta by melding file encryption, data theft, and DDoS attacks.
What Is a DDoS Extortion Attack?
Also known as ransom DDoS (RDDoS) attacks, DDoS extortion attacks occur when cybercriminals threaten individuals or organizations with a DDoS incursion unless an extortion demand is paid. These demands call for payment in cryptocurrency in order to avoid traceability by law enforcement authorities.
Five Similarities Between DDoS Extortion and Ransomware Attacks — and One Big Difference
DDoS and ransomware attackers use different methods in their campaigns. But despite that, there are common threads — and one big difference.
Under Attack/ Emergency Provisioning / Increase Mitigation Capacity
844-END-DDOS for US and Canada
+1 734-794-5099 for International