

Loss of access to critical data and systems

Combining DDoS attacks with a ransomware attack makes the triple extortion attack even more devastating to an organization. DDoS attacks against a victim already under a ransomware attack can easily disorient security teams and make it more difficult for the organization to access its critical data and systems and to respond effectively to the ransomware attack. The use of DDoS adds another layer of complexity to an already stressful situation for an organization that is responding to a ransomware attack involving exfiltration and encryption of its data. Once the victim's network is down, the organization has no way to respond to the ransomware breach and restore its access.

In addition to the damage caused by the ransomware, the victims also suffer loss of revenue from the downtime caused by the DDoS attack. This combined attack using triple extortion methods puts additional pressure on the victim to pay the ransom to get their network online or stop the attacker from posting the leaked information on the internet. The bottom line is the more pressure cybercriminals can put on a business, the better their chances of extracting the ransom payment. It is important to note that paying the ransom does not guarantee that the attacker stops targeting the victim with DDoS attacks or prevents the public exposure of sensitive information. It is generally not recommended to pay the ransom, as doing so only incentivizes cybercriminals to continue their attacks.

What is fueling triple extortion ransomware attacks?

Triple extortion attacks are becoming more common as cybercriminals look for new ways to maximize their profits. Along with the loss of their data and the availability of their services, the targeted victims are also faced with potential public exposure of sensitive information, which could have serious consequences for their reputation and business. These combinations of multiple attacks are becoming easy to conduct because criminal organizations offer them as a service that anyone can use, called ransomware as a service (RaaS).

With RaaS, ransomware groups provide multiple capabilities that other threat actors can use to target a business with multiple attack vectors. For instance, instead of just encrypting the targeted business’s sensitive data, the attacker can use a variant of the RaaS to exfiltrate an organization’s data before encrypting it. This exfiltrated data can be sold on the internet or used to blackmail the targeted business into paying a ransom. This combination of encryption and exfiltration of sensitive data is known as a double extortion ransomware attack. In the new triple extortion ransomware attack, the most popular RaaS groups have included DDoS attacks in their service, which can be leveraged as an additional extortion technique.

Recent examples of triple ransomware extortion include businesses targeted by the BlackCat RaaS affiliate program. BlackCat, also known as the ALPHV ransomware gang, is known to exfiltrate a business’s information before encrypting the data. If the business refuses to pay the ransom, the service provided by the ransomware group also includes DDoS attacks as an additional extortion technique to force the victim to pay. BlackCat is famous for posting stolen information on a dedicated website if the ransom demands are not paid.

AvosLocker

AvosLocker is another RaaS group that uses triple extortion tactics.
