Malware: protecting your data against “double extortion”

Ransomware is well known in corporate networks because it poses colossal risks and often requires significant and costly recovery efforts. Successful ransomware attacks can result in system lockouts, identity theft, and data hostage, all of which can wreak havoc on targeted organizations.

When the ransomware reaches its target, the malware encrypts files and spreads system-wide to maximize the damage, forcing many companies to lock down networks to stop the spread.

New forms of attacks

While encryption is used everywhere, it should not be confused with hashing* or with file obfuscation: those two techniques are useful for evading detection tools, whereas ransomware takes data hostage precisely through encryption. Each company uses different types of cryptography, such as modern symmetric ciphers (which correspond to a cryptographic suite) or asymmetric ciphers, with the objective of preventing any intrusion operation.

Many ransomware strains deliver a special message to the victim organization after data encryption, tricking companies into paying cybercriminals a ransom (most often in bitcoins) to decrypt the files. Note, however, that some forms of ransomware are decryptable and the ransom payment can be avoided. For example, Jigsaw is an old form of malware that appeared in 2016, which contains the key used to encrypt files in the source code. This type of attack was also observed again this year in Morse code. Cybercriminals therefore continue to use old methods that still work. It is therefore important for companies to become aware not only of evolving threats, but also of already proven methods of attack.

The rise of the threat of double extortion

Recent attacks do more than just encrypt data, as evidenced by the cybercriminal group LockBit 2.0, which recently threatened to release the data of 9,800 files it claims to have stolen from the French Ministry of Justice. Malware is also capable of exfiltrating critical information before encryption. As ransomware protection improves, including data removal and recovery strategies, hackers use the stolen data so that they can keep threatening victims who do not pay the ransom, creating a double ransomware threat.

Cybercriminals have therefore adopted a “double extortion” model, and some even practice data disclosure blackmail when the company refuses to pay the ransom. For victimized businesses, this can pose a risk of major breaches of the EU GDPR and other data privacy laws. The Conti and REvil ransomware groups, listed among the most dangerous malware of 2021, are for example known to publish leaked data on the Darknet if ransoms are not paid.

Cyber-resilience at the heart of business strategy

The backup strategy is a fundamental pillar of a company’s cyber-resilience: it gives the company the ability to resist attacks and guarantees continuous access to data. However, clearly listing and identifying business needs and regularly testing procedures is essential to avoid massive outages at the worst possible time.

Data protection is critical for companies, so it is essential to take stock of the situation and establish, for example, the link between the data and the business operations of the company. This makes it possible to assess the criticality of the organization’s data and to set up a data archiving system accordingly. In addition, data backup must be framed by, and comply with, the legal frameworks governed by the General Data Protection Regulation (GDPR).
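The two points above (a hash is a one-way fingerprint while encryption is reversible with a key, and backup procedures must be tested regularly) can be shown together in a short script. The following is an added example written for this page; it is not code from the author, from Carbonite Webroot or from any ransomware family. It assumes in-memory dictionaries in place of real files and backup media, uses a textbook XOR (one-time-pad style) cipher as a stand-in for the symmetric ciphers the text mentions, and the file names and contents are constructed sample data.

```python
import hashlib
import secrets

# --- hashing vs encryption -------------------------------------------------

def fingerprint(data: bytes) -> str:
    """Return the SHA-256 digest of data as hex.

    A hash takes no key and cannot be reversed: it only identifies the input,
    which is what makes it useful for checking that a file is still intact.
    """
    return hashlib.sha256(data).hexdigest()


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """One-time-pad style symmetric cipher (XOR with a key as long as the data).

    Unlike a hash, this is reversible: applying it again with the same key
    returns the plaintext. Ransomware relies on exactly this property, with
    the attacker holding the key.
    """
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(b ^ k for b, k in zip(data, key))


# --- backup integrity check (restore test) ---------------------------------

def build_manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Map each file name to the fingerprint of its known-good content."""
    return {name: fingerprint(content) for name, content in files.items()}


def verify_backup(manifest: dict[str, str], backup: dict[str, bytes]) -> dict[str, list[str]]:
    """Compare a backup copy against the manifest recorded when it was made.

    'changed' entries are the ones to investigate: a backup whose content no
    longer matches its fingerprint may have been corrupted or overwritten
    with encrypted data.
    """
    report: dict[str, list[str]] = {"ok": [], "missing": [], "changed": []}
    for name, expected in sorted(manifest.items()):
        if name not in backup:
            report["missing"].append(name)
        elif fingerprint(backup[name]) != expected:
            report["changed"].append(name)
        else:
            report["ok"].append(name)
    return report


def demo() -> dict[str, list[str]]:
    """Constructed scenario: two files are backed up, one backup copy is then
    overwritten with an encrypted version (simulated damage), and the restore
    test catches it."""
    # Constructed sample data standing in for business files.
    originals = {
        "payroll.csv": b"employee,amount\nalice,4200\nbob,3900\n",
        "contracts.txt": b"Supplier agreement 2021 (constructed sample)\n",
    }
    manifest = build_manifest(originals)

    # Make a faithful backup copy, then damage one file by encrypting it.
    backup = dict(originals)
    key = secrets.token_bytes(len(backup["payroll.csv"]))
    backup["payroll.csv"] = xor_cipher(backup["payroll.csv"], key)

    report = verify_backup(manifest, backup)

    # The fingerprint cannot restore the file, but the key can: that is the
    # difference between a one-way hash and a reversible cipher.
    assert xor_cipher(backup["payroll.csv"], key) == originals["payroll.csv"]
    return report


if __name__ == "__main__":
    print(demo())
```

Running the script reports `contracts.txt` as intact and `payroll.csv` as changed. In practice the manifest is written when the backup is taken and kept apart from the backup itself, and the check is scheduled as part of the regular restore tests the text calls for, so that an unusable copy is discovered before it is needed.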

Cybercriminals will continue to refine their approaches and experiment with different business models, as ransomware attacks put enormous pressure on the availability of services and data streams. These adversaries will no doubt continue to seek additional ways to pressure victims to maximize their chances of getting paid, but businesses can safeguard their data and information systems by deploying strong cyber-resilience practices today.

* A hash is a particular function which, from a given input, calculates a digital fingerprint used to quickly identify the initial data, in the same way as a signature identifies a person.

Op-ed by Mathieu Mondino, Cyber Threat Expert at Carbonite Webroot, a division of OpenText Business Solutions.