Double Extortion

Chris Swagler | July 19th, 2023

 

The volume and scale of cyberattacks continue to rise, straining companies' ability to understand and prioritize the threats they face, double extortion among them. According to one recent report, malicious actors attempted to tamper with data backups during nine out of ten attacks on the external (non-Rubrik) companies it surveyed, and 73% of those attempts were at least partially successful. Almost three-quarters (72%) of the same companies reported paying a ransom for encrypted data, yet only 16% of those that paid recovered all of their data. Separately, research from a cybersecurity company found that in 2023, 70% of ransomware incidents involved both data theft and encryption, up from around 40% in mid-2021. Security teams may believe they have already planned for double extortion ransomware: they have taken immutable data snapshots, hardened the infrastructure, deployed a SIEM, and invested in other technology to combat it. If malicious actors encrypt production data and try to hold it hostage, the team can restore from clean copies and refuse to pay. Cybercriminals, in turn, have adjusted their tactics and investments in a never-ending game of cat and mouse.

Expanding the Attack Vector of Double Extortion Ransomware

A particularly difficult form of malware, known as "double extortion" ransomware, has grown in both severity and prevalence. Ransomware traditionally encrypts a victim's data, and the threat operators demand a ransom in exchange for the decryption key. Under that model, a breached company that paid the ransom received the key and the incident was, at least nominally, over. There is now a second level of extortion. The term "double extortion" refers to the fact that threat operators steal the data before encrypting it: they demand payment not only for the decryption key but also in exchange for not releasing the stolen data if the company does not comply. A victim with clean backups can recover without the key, but backups do nothing to stop the leak, which is why cybercriminals double the pain to force payment. Double extortion ransomware attacks are becoming more common and are frequently very expensive.

The Challenge Ahead

Combating double extortion ransomware has become far more complex than simply defending against encryption events. When a security team is focused on limiting the impact of encryption, infrastructure-driven efforts tend to be prioritized: hardening systems and keeping clean, immutable backups so that an attack can be contained and operations restored. That work is a critical component of strategic cyberattack planning and of ensuring companies have the appropriate readiness measures in place. However, being able to restore the data does nothing to prevent it from being stolen, and once a copy has left the environment no backup can bring it back under the company's control. To achieve full cyber resilience against double extortion ransomware, companies need to focus on the following seven ways to secure data:

Seven Ways to Secure Data to Prevent Double Extortion

  • Making Data Security A Priority for Companies – It may sound obvious; however, companies often place far greater emphasis on infrastructure and much less on the data itself. While infrastructure security is vital, it is no longer sufficient. Companies must make data protection part of their comprehensive cybersecurity plan to effectively counter modern cyberattacks.
  • Identifying the Most Sensitive Data – Not all data is created equal; if all data is treated the same, sensitive data may not be adequately protected. Is it intellectual property? Customer payment information? Patient data, for healthcare companies? Employees' sensitive information, including Social Security numbers and the bank account details used for direct deposit of paychecks? Prioritizing data enables a significantly more effective defensive posture.
  • Discovering Who Has Access to the Data – Are they the right individuals and teams? Is multifactor authentication enforced? This is where zero trust applies: an architecture that grants no implicit trust to any user, device, or application, treats each as potentially compromised, and verifies every access request.
  • Removing Stale Data – If no one has touched the data in six months to a year, it is worth considering whether it is still required. Older documents may still be important, but they may also contain sensitive data that becomes a liability if stolen, so companies should not keep them once they no longer serve a purpose.
  • Ensuring Companies Can View Data Moving Across their Environments – Typically, threat operators move from one system to another. They will focus on one location, exfiltrate the data there, and then move on. That is why visibility into data flows and other irregularities is vital: if the team can detect anomalies early, it may be able to stop cybercriminals before they do harm to the data or the environment. This step has always been critical, but in today's hybrid environments the ability to track data movement across SaaS, cloud, and on-premises systems is essential.
  • Getting Ahead of Data Growth – Most companies are unprepared for the fact that they will have more data tomorrow than they do today, and they are often astonished by how much of it is sensitive. Companies should monitor data volume growth across on-premises, cloud, and SaaS applications, and examine the sensitive data within and across each area. They also need to determine whether data is moving in expected directions, through planned migrations or approved workflows, or somewhere it should not be.
  • Designating Data Ownership – After all of this, who is in charge of protecting the company's data? Employees frequently do not know who is accountable for developing and enforcing data strategy because many companies have never created the role. It needs to be filled by one business stakeholder who will identify organizational risks and present them regularly to leadership.
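
As an added illustration of the visibility step above (this is example code written for this page, not SpearTip's or ShadowSpear's), the script below baselines each host's daily outbound volume to external addresses and flags a day on which a host suddenly sends far more than its norm, listing any external destinations it has never used before. The flow-record format, host names, addresses, dates, volumes, internal ranges and thresholds are all constructed assumptions for the example; a real deployment would read from its own flow or proxy logs and define its own internal address space.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed sample flow records for this example: "timestamp host dst_ip bytes_out".
# The hosts, addresses, dates and volumes are invented; this is not a real log format
# or real traffic. The documentation ranges 203.0.113.0/24 and 198.51.100.0/24 stand
# in for external addresses. The last two fileserver01 lines model an overnight bulk
# transfer to a never-before-seen destination, the pattern exfiltration produces.
SAMPLE_FLOWS = """\
2023-07-15T10:02:11Z fileserver01 203.0.113.8 120000000
2023-07-16T10:05:31Z fileserver01 203.0.113.8 95000000
2023-07-17T10:01:22Z fileserver01 203.0.113.8 110000000
2023-07-18T09:02:11Z fileserver01 10.0.5.20 184000000
2023-07-18T10:03:47Z fileserver01 203.0.113.8 105000000
2023-07-19T02:13:09Z fileserver01 198.51.100.23 5200000000
2023-07-19T02:21:50Z fileserver01 198.51.100.23 4700000000
2023-07-15T11:40:05Z hr-db01 10.0.5.30 41000
2023-07-19T09:00:14Z hr-db01 203.0.113.8 38000
"""

# Assumed internal address space for the example; a real deployment would list its own
# ranges (including cloud VPCs and SaaS tenants reached over private links).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts keyed by day, host, dst, bytes."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, nbytes = line.split()
        records.append({"day": ts[:10], "host": host, "dst": dst, "bytes": int(nbytes)})
    return records


def is_external(ip):
    """True if the destination lies outside every configured internal network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def daily_external_egress(records):
    """Sum bytes sent to external destinations per (host, day)."""
    totals = defaultdict(int)
    for r in records:
        if is_external(r["dst"]):
            totals[(r["host"], r["day"])] += r["bytes"]
    return totals


def flag_exfiltration(records, factor=10.0, min_bytes=1_000_000_000):
    """Flag (host, day) pairs whose external egress is at least `factor` times the
    host's median egress on earlier days AND at least `min_bytes` in absolute terms.
    The absolute floor keeps a host with no history (baseline 0) from alerting on
    ordinary traffic; the ratio catches a sudden jump relative to that host's norm.
    Both thresholds are arbitrary example values, not recommendations."""
    totals = daily_external_egress(records)
    per_host = defaultdict(dict)
    for (host, day), nbytes in totals.items():
        per_host[host][day] = nbytes

    alerts = []
    for host, days in per_host.items():
        seen_dsts = set()  # external destinations this host used on earlier days
        for day in sorted(days):
            todays_dsts = {r["dst"] for r in records
                           if r["host"] == host and r["day"] == day and is_external(r["dst"])}
            prior = [days[d] for d in days if d < day]
            baseline = statistics.median(prior) if prior else 0
            volume = days[day]
            if volume >= min_bytes and volume >= factor * baseline:
                alerts.append({
                    "host": host,
                    "day": day,
                    "bytes": volume,
                    "baseline": baseline,
                    "new_destinations": sorted(todays_dsts - seen_dsts),
                })
            seen_dsts |= todays_dsts
    return alerts


if __name__ == "__main__":
    for a in flag_exfiltration(parse_flows(SAMPLE_FLOWS)):
        print(f"{a['day']} {a['host']}: {a['bytes']:,} bytes to external destinations "
              f"(median baseline {a['baseline']:,.0f}); new destinations: {a['new_destinations']}")
```

On the sample data only fileserver01 on 2023-07-19 is flagged: roughly 9.9 GB went out against a median of about 107 MB on the four prior days, all of it to an address the host had never contacted. Dropping `min_bytes` to zero also flags each host's first observed day, because an empty history gives a baseline of zero; that is the failure mode the absolute floor exists to suppress, and the same caution applies to any newly onboarded system in a real feed.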

A data security solution that helps companies identify sensitive data, where it is located, and who has accessed it is critical. The problem gets harder when companies run a mix of on-premises, multi-cloud, and SaaS systems, each holding enormous amounts of unique data. A sophisticated investigation tool that clearly and quickly determines who has access to data, where that data is stored, and what the data contains provides more comprehensive protection against double extortion ransomware and other types of attacks. With thorough knowledge of their data, teams will be able to limit the damage that external malicious actors can do. At SpearTip, our certified engineers work continuously in our 24/7/365 Security Operations Center, monitoring companies' data networks for potential ransomware attacks, and are ready to respond to incidents at a moment's notice. Our remediation team focuses on restoring companies' operations, isolating malware to reclaim their networks, and recovering business-critical assets. Our ShadowSpear Platform, an integrable managed detection and response tool, exposes sophisticated unknown and advanced threats with comprehensive insights through unparalleled data normalization and visualizations.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.
