What is Cyber Extortion?

Cyber extortion is when bad actors demand payment in exchange for forestalling or ending a threat to an online business or entity. This malicious activity often comes in the form of a data/network compromise, data encryption or distributed denial of service (DDoS) attack, which disrupts or completely curtails an organization’s ability to conduct business-as-usual (BAU).

The Threat of Triple Cyber Extortion is Real

Don't Negotiate. Mitigate.

Get protected

What is Cyber Triple Extortion?

Cyber extortion is on the rise. Lured by easy and lucrative financial gain, cybercriminals have become more persistent and sophisticated. New strains of ransomware, ransomware-as-a-service, and affiliated business models have helped turn cyber extortion into a legitimate underground economy. In an attempt to turn up the pressure and odds of a successful payday, bad actors are executing triple extortion consisting of the following threats below.

NETSCOUT experts explain how cybercriminals are combining ransomware and DDoS attacks and how organizations can defend and mitigate the impact.

Encryption of Data

The most traditional method, using ransomware, cybercriminals will encrypt their victim's data and demand payment in return for the decryption key.

Public Exposure of Stolen Data

Before encrypting their victim's data, the cybercriminal has already successfully exfiltrated this data and threatens to expose it publicly unless paid.

DDoS Attack

Usually, after a demonstration DDoS attack, the cybercriminal will threaten to launch a larger, more complex DDoS attack in the future unless paid.

ASERT Threat Summary

Blog Post

Lazarus Bear Armada DDoS Extortion Campaign — December 2020

Protect Yourself from Cyber Extortion

Cyber extortionists prey upon organizations with less mature security teams, inadequate cybersecurity solutions, and are motivated and capable of paying their extortion demands. Fundamental protections should be in place so you can avoid or be prepared when threatened with cyber extortion.

Avoid a network breach – In most cases, a ransomware attack is preceded by a network breach of some sort. After the network is breached, command and control is established, additional malware is dropped, lateral movement occurs, and ultimately, the ransomware is downloaded and executed. Best practices include educating users on proper cybersecurity hygiene, employing network and endpoint cybersecurity protection solutions to detect malware, anomalous activity, or Indicators of Compromise (IoCs).
Remove Vulnerabilities and Backup Data – As much as possible, stay abreast of exploits, run vulnerability assessments, patch, and update computer systems accordingly to avoid compromise. Back up valuable data and test data restoration plans.
Continuous Threat Intelligence – Cybercriminals are constantly changing their Techniques, Tactics, and Procedures (TTPs). Stay abreast of the latest threat intelligence to help detect, investigate, or proactively hunt for signs of compromise that precede a ransomware attack.
Proper DDoS Protection – The three main types of DDoS attacks are volumetric, state exhaustion, and application layer. Best practices in DDoS mitigation include a hybrid, intelligent combination of cloud-based and on-premises DDoS mitigation as DDoS attacks are increasing in size, frequency, and complexity.

How to Block Ransomware from Your Network with Arbor Edge Defense

Arbor Edge Defense - The First and Last Line of Smart, Automated Perimeter Defense

A vital component of Netscout Omnis Security, Netscout Arbor Edge Defense (AED), is deployed on-premises, inside the internet router, and outside the firewall, where it acts as the first line of defense. As a last line of defense, AED can detect and block outbound indicators of compromise that have been missed by other tools in your security stack, allowing to block malware or command and control that precede data exfiltration or ransomware attacks.

Learn more about Arbor Edge Defense

Additional Resources

Blog Post

Triple-Extortion Tactics on the Rise for Ransomware Gangs

Cybercriminals have hit the ransomware trifecta by melding file encryption, data theft, and DDoS attacks.

What Is a DDoS Extortion Attack?

Also known as ransom DDoS (RDDoS) attacks, DDoS extortion attacks occur when cybercriminals threaten individuals or organizations with a DDoS incursion unless an extortion demand is paid. These demands call for payment in cryptocurrency in order to avoid traceability by law enforcement authorities.

NETSCOUT Threat Intelligence Report 1H 2021

The unprecedented malicious opportunities triggered by the COVID-19 pandemic presented adversaries with an embarrassment of potential riches. They took full advantage, weaponizing new attack vectors and launching record-breaking DDoS attacks.

Access Report

Blog Post

Five Similarities Between DDoS Extortion and Ransomware Attacks — and One Big Difference

DDoS and ransomware attackers use different methods in their campaigns. But despite that, there are common threads — and one big difference.

Under Attack/ Emergency Provisioning / Increase Mitigation Capacity

844-END-DDOS for US and Canada
+1 734-794-5099 for International