Tag Archive for: “triple”

Threat Spotlight: Triple Extortion Ransomware


Executive Overview

Threat actors have escalated the single extortion ransomware attack model to double and even triple extortion. 

With the commodification of cybercrime, adversaries have significantly increased the sophistication of their operations, and with it the potentially devastating impact of a ransomware attack.

Flare Director of Marketing Eric Clay and CTO & Co-Founder Mathieu Lavoie discussed the latest trends in ransomware attacks including: double/triple extortion, different types of ransomware, methods for stealing sensitive data, and more.

Check out our full webinar recording, Triple Extortion Ransomware & Dark Web File Dumps, and/or keep reading for the highlights.

Commodification of Ransomware Groups

Ransomware groups increasingly operate like companies, with:

  • mission-oriented approaches
  • recruitment practices to seek new hires
  • specialization

The Karakurt group, after operating privately for a year, has recently published a recruitment post to attract new members. They pride themselves on their mission to hold companies accountable for existing vulnerabilities in their cybersecurity and for the negligence of their IT staff. These groups can be driven by both financial and political motives, often influenced by the shifting landscape of geopolitics.

In general, there are two distinct types of specialization within such groups. Similar to a company with various departments, a group can have internal specialization. For instance, within a ransomware group, some members might excel in negotiating the ransom, while others primarily focus on developing malware. Another form of specialization involves individual groups having their own areas of expertise, akin to specialized agencies within a larger company. One group might concentrate on distributing ransomware, collaborating with another group that specializes in extortion.

This organized and specialized collaboration among groups can lead to more intricate and scalable operations compared to individual threat actors.

Changes in Ransomware Groups

Ransomware groups are constantly changing their tactics, techniques, and procedures (TTPs) to optimize their strategy. One alarming trend that we’ve…


Fool Me Thrice? How to Avoid Double and Triple Ransomware Extortion


The danger of being hit by a ransomware attack is scary enough, but in many cases, criminals can still extort your business after the ransom has been paid and things have seemingly returned to normal. Double and even triple extortions are becoming increasingly common, with ransomware gangs now demanding additional payments to keep the private information captured in their attacks from being leaked. These added threats are driving up the collective cost of ransomware, which is forecast to reach $265 billion by 2031, according to some sources.

In traditional ransomware attacks, the attackers hijack and encrypt valuable data to force organizations to pay a ransom in exchange for the safe restoration of data and network functionality. CISOs have responded by adopting stronger cyber protections, such as creating secure offsite backups and segmenting their networks, and attackers have quickly evolved to subvert these methods. 

One Extortion, Two Extortion, Three

The cat-and-mouse game that is ransomware took an ugly turn over the past year or so as attackers realized the value that organizations put on not releasing their sensitive information publicly: The brand and reputation hit can sometimes be just as damaging as being locked out of files and systems. Capitalizing on this unfortunate reality, attackers began adding the threat of leaking sensitive data as a follow-up to successful or even unsuccessful ransomware attacks when organizations were able to use backups to restore their systems.

With double extortion being so successful, attackers figured: Why stop there? In cases of triple extortion, attackers threaten to release data about downstream partners and customers to extract additional ransom payments, potentially putting the initial organization at risk of lawsuits or fines.

Some bad actors have even created a search function that allows victims to find leaked data about partners and clients as proof of the data's damaging value. A ransomware operation known as ALPHV/BlackCat may have started this trend in June, when cybercriminals posted a searchable database containing the data of nonpaying victims. The BlackCat gang went as far as to index the data repositories and give…


Iceland selling McDonald’s Big Mac TRIPLE buns for burger fans

Set to be the burger hack of the summer, Iceland is launching The Big Triple Bun. The offering is a three-layered sesame seed brioche burger bun aimed at helping shoppers recreate fast food classic, …