From Encryption Ransomware To Extortion Ransomware Part I

What is extortion ransomware?

We are all familiar with the ransomware model – encryption malware encrypts your files and demands cryptocurrency for the decryption key – and this has proved a very successful criminal way of making money from victims (UK Government, 2022). I have recently completed a short mini-series looking at ransomware and what organisations need to be doing about it (Ransomware – A Primer). However, in that series I concentrated on encryption malware and only briefly touched on the evolution of ransomware into extortion ransomware – the exfiltration of data before encryption, followed by a demand for a further ransom in return for not selling the data or releasing it into the public domain.

So what should you do about this double attack?

Protect the most important credentials. This is the first, the most obvious and the most abused bit of advice I can give you.

So what does this mean? For threat actors to get access to your information they need credentials to move around your systems – the gold-standard credentials they would like to have are any with global administrator or root access, which is basically unlimited access to everything. These and other admin-level accounts are the ones that require extra care and attention.

What did I mean by “abused” above? I have lost count of the times we have gone to a new client, only to discover that the boss, the bookkeeper or the person in sales is using the global administrator account for their day-to-day work, because it is easiest and they do not understand the risk they are taking!

Use MFA

It has been a while since we discussed multi-factor authentication, but it still remains the quickest and best fix for protecting credentials. It has its issues, but it is still fit for purpose – and that purpose is to stand between your information and the possibility that a threat actor has valid credentials. MFA will alert the user to an unauthorised access attempt, and knowing this, you can do something about it.

MFA everywhere

If a system offers MFA then use it. If a system does not have MFA then consider whether using it is worth the risk!
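The two checks an administrator would most want after reading the sections above are: which privileged accounts are being used for routine daily work, and which sign-ins completed without a second factor. The script below is an added illustration, not code from the original article or from any vendor's tooling. It runs over a handful of constructed sign-in records embedded inline; the role names, the list of "routine" applications and the record layout are assumptions, and a real tenant would feed it exported sign-in logs instead.

```python
"""Audit constructed sign-in records for two problems described in the article:
privileged accounts used for day-to-day work, and sign-ins completed without MFA."""
from dataclasses import dataclass

# Roles treated as "gold standard" credentials (assumed names, not a vendor's list).
PRIVILEGED_ROLES = {"global administrator", "root"}

# Applications that indicate routine, non-administrative work. Assumption: every
# organisation will have its own list; these are illustrative only.
ROUTINE_APPS = {"Outlook", "Teams", "Word", "Excel", "Browser"}


@dataclass(frozen=True)
class SignIn:
    user: str   # account that signed in
    role: str   # highest role held by that account
    app: str    # application signed into
    mfa: bool   # whether a second factor was satisfied
    day: str    # ISO date, used to count distinct days of use


# Constructed sample records; they do not come from any real tenant or log.
SAMPLE = [
    SignIn("boss@example.com", "global administrator", "Outlook", True, "2023-03-01"),
    SignIn("boss@example.com", "global administrator", "Teams", True, "2023-03-02"),
    SignIn("boss@example.com", "global administrator", "Excel", True, "2023-03-03"),
    SignIn("admin-jo@example.com", "global administrator", "Admin portal", True, "2023-03-01"),
    SignIn("admin-jo@example.com", "global administrator", "Outlook", True, "2023-03-02"),
    SignIn("sam@example.com", "user", "Outlook", False, "2023-03-01"),
    SignIn("sam@example.com", "user", "Teams", True, "2023-03-02"),
    SignIn("legacy-svc@example.com", "global administrator", "Remote PowerShell", False, "2023-03-04"),
]


def privileged_accounts_used_routinely(records, min_days=3):
    """Return privileged accounts that signed into routine apps on at least
    `min_days` distinct days. A single day may be an accident; repeated use is
    the "using the global admin account for day-to-day work" pattern."""
    days_by_user = {}
    for r in records:
        if r.role in PRIVILEGED_ROLES and r.app in ROUTINE_APPS:
            days_by_user.setdefault(r.user, set()).add(r.day)
    return sorted(u for u, days in days_by_user.items() if len(days) >= min_days)


def signins_without_mfa(records):
    """Return (user, app, day) for every sign-in that did not satisfy MFA,
    privileged accounts first so they can be dealt with immediately."""
    missing = [r for r in records if not r.mfa]
    missing.sort(key=lambda r: (0 if r.role in PRIVILEGED_ROLES else 1, r.user, r.day))
    return [(r.user, r.app, r.day) for r in missing]


def audit(records, min_days=3):
    """Combine both checks into one report suitable for a weekly review."""
    return {
        "privileged_used_routinely": privileged_accounts_used_routinely(records, min_days),
        "signins_without_mfa": signins_without_mfa(records),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

The thresholds are deliberately simple: the point is that both findings are cheap to produce from data most identity platforms already export, and that the first list is the one to act on first, since it names the accounts a threat actor would most like to obtain.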

Next

Short and to the point today. I am going to expand on this topic over the coming articles. Next: double jeopardy double checks…


Clive Catton MSc (Cyber Security)

References

Connolly, L. Y., Lang, M., Taylor, P., & Corner, P. J. (2021). The evolving threat of ransomware: From extortion to blackmail.

UK Government. (2022). Cyber Security Breaches Survey 2022. Retrieved 20 March, 2023, from https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022

Further Reading

Ransomware – A Primer – CyberAwake

Extortion only – no encryption – Smart Thinking Solutions
