Double Extortion Evolves Into Triple

Double Extortion Evolves Into Triple

Ransomware gangs are anticipated to rake in $20 billion in attacks across the globe in 2021. Ransomware gangs are constantly evolving and adopting new tactics to maximize their profits. 

Last year, someone came up with double extortion – when ransomware gangs do not only encrypt the data but save it so that they can later threaten the victim to make it public unless they pay a ransom. This year, we have seen the first triple extortion incidents.

Major attacks between the end of 2020 and the beginning of 2021 point have added a new step in their extortion process. Attackers now put pressure on third parties linked to the victims, as new leverage for getting paid off. They may contact the victim’s service providers, business clients, and external colleagues, as threaten them that they would be impacted by the data breach unless they pay.

The first attack of this kind came was the attack on Vastaamo clinic in October 2020. The breach lasted for a year and lead to a ransomware attack and patient data theft. In addition to a hefty ransom from the healthcare provider, the attackers demanded individual ransoms from the patients.

Another notable example is an attack by REvil (Sodinokibi) gang in March. They started leveraging DDoS attacks and VOIP calls to journalists and business partners of the victims to force them into paying ransoms. 

Check Point researchers say the healthcare sector is going to be the most affected sector. It already receives an average of 109 attack attempts every week, while 1,000 healthcare and utility entities were targeted in the first trimester of 2021, which is a 21% increase, according to the researchers.

The legal and insurance sectors are expected to be other top targets. The majority of attacks are carried out on organizations based in Asia Pacific. Africa has seen the largest increase of 14% this year.

Check Point researchers have provided recommendations on how to deal with the new threat of triple extortion in their blog post.


About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.