Double extortion ransomware is a new and upcoming ransomware technique that leaves its victims in a quandary.
So, what is double extortion ransomware, and how did it originate?
What happens during these attacks?
And are there ways that can help protect you against them?
Double extortion ransomware follows a “pay-now-or-get-breached-later” methodology.
What Happens During a Double Extortion Attack?
This two-pronged attack exfiltrates and encrypts the victim’s data simultaneously.
So, it provides extra leverage to the cybercriminals to collect the ransom money.
In the initial phase of the attack, the cybercriminals gain access to a victim's network.
They do this by employing several tactics, including phishing, malware, and brute-forcing an RDP server.
The high-value assets are then transferred to the criminals' own storage network.
The final phase of double extortion ransomware entails encrypting the data and demanding a ransom.
In 2019, cybercriminals carried out an attack on Allied Universal, an American security systems and services provider.
Another double extortion ransomware attack that made the headlines was the one on the Colonial Pipeline in May 2021.
The gang named DarkSide carried out this attack and stole 100 GB of data.
Here are some tips that can protect you from becoming a victim:
In a zero-trust policy, every outside entity is deemed hostile until proven trustworthy.
Only the bare minimum access to resources is granted.
Check that your organization invests in a ransomware insurance policy, especially one that covers double extortion ransomware attacks.
Patch Known Vulnerabilities
To mitigate ransomware attacks, you must patch vulnerabilities as soon as you notice them.
This provides a window of opportunity to remediate any primary infection.
Monitor Data Logs
Ensure that your company monitors data logs.
Monitoring your data logs can reveal unusual activity or data exfiltration attempts.
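As an added example (not part of the original article), here is one way log monitoring can surface the exfiltration stage that precedes encryption: sum each host's daily outbound bytes to external destinations and flag days far above that host's own baseline. The log format, host names, internal address ranges and thresholds are assumptions, and the sample lines are constructed.

```python
import csv
import io
import ipaddress
import statistics
from collections import defaultdict

# Assumed internal ranges; traffic to these is not counted as egress.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: date, internal host, destination IP, bytes sent out.
SAMPLE_LOG = """\
2024-05-01,fileserver01,203.0.113.10,120000000
2024-05-02,fileserver01,203.0.113.10,95000000
2024-05-03,fileserver01,203.0.113.10,110000000
2024-05-04,fileserver01,198.51.100.77,48000000000
2024-05-01,laptop17,203.0.113.10,30000000
2024-05-02,laptop17,203.0.113.10,42000000
2024-05-03,laptop17,10.0.0.5,9000000000
2024-05-04,laptop17,203.0.113.10,35000000
"""

def daily_egress(log_text):
    """Sum bytes sent to external destinations per host and day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, dst, nbytes in csv.reader(io.StringIO(log_text)):
        ip = ipaddress.ip_address(dst)
        if any(ip in net for net in INTERNAL):
            continue  # large internal copies (backups, file shares) are expected
        totals[host][day] += int(nbytes)
    return totals

def flag_exfil(totals, ratio=10, floor=1_000_000_000):
    """Flag host-days above an absolute floor AND ratio x the host's median on other days."""
    alerts = []
    for host, days in totals.items():
        for day, sent in sorted(days.items()):
            others = [v for d, v in days.items() if d != day]
            baseline = statistics.median(others) if others else 0
            if sent >= floor and sent > ratio * baseline:
                alerts.append((host, day, sent))
    return alerts

if __name__ == "__main__":
    for host, day, sent in flag_exfil(daily_egress(SAMPLE_LOG)):
        print(f"ALERT {host} sent {sent / 1e9:.1f} GB externally on {day}")
```

The absolute floor keeps quiet hosts from alerting on small relative jumps, and the per-host median keeps one busy server from masking or triggering alerts for others.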
This ensures that the entire organization is on the same page when it comes to mitigating ransomware attacks.