The security researchers at Check Point Research closely monitor current security threats and report that a certain mesh is on the rise: double extortion. This means that more and more criminals are not content with encrypting data on computers via ransomware and demanding money for the release, but that more and more threats are being made in parallel with the publication of stolen information in order to build up even more pressure.
This approach picked up speed in November 2019 and, according to Check Point Research, should have increased dramatically in the first quarter of 2020. Worse, hospitals are now being targeted, which in the Corona crisis probably requires complete absence of morality. In the United States, however, the scam has already hit suppliers to the military.
So far, criminals have usually used ransomware to encrypt a company’s data, thereby paralyzing operations and then demanding a certain amount of money to be released – mostly payable in Bitcoin. Those who did not pay did not receive the key for their data and had to hope to get everything back up and running as quickly as possible.
In the meantime, the attackers are increasingly relying on a second level: They steal sensitive data even before encryption and threaten to publish it in the course of the ransom demand. Often you even take a warning shot and reveal small parts of the entire fund in advance in the Darknet. According to an FBI report, around 2,000 were affected by simple ransomware attacks in 2019, which is worrying enough. Double extortion can be even more fatal for a company, should sensitive data come to the public and possibly play into the hands of competitors.
Many cyber criminals open specific websites solely for the purpose of publishing stolen data. Such a publication can have even more far-reaching consequences for companies if, for example, customer data has also been stolen. This would result in severe penalties from authorities responsible for data protection. In the meantime, some insurance companies therefore recommend paying ransom amounts to hackers, as the costs can otherwise be many times higher. On the other hand, there is a risk of losing your image if a successful attack becomes public.
Such incidents are generally complex for companies, because in some cases they are obliged to publicly acknowledge such attacks and possible consequences – in order to inform the authorities and warn customers, employees and partners. Private individuals can of course also be affected – you know the emails, for example, the computer’s webcam has been hacked and you were filmed while doing a rather unfavorable job.
–
