Double extortion ransomware is a type of cyber attack in which cybercriminals steal sensitive data and encrypt it. Then, cybercriminals threaten to release the stolen data unless the victim pays a ransom. The additional threat of exfiltration makes this type of cyber attack particularly damaging for organizations, as they face the risk of sensitive data being exposed to the public or sold on the dark web.

Continue reading to learn how double extortion ransomware works and how you can avoid this type of attack.

What is ransomware?

Ransomware is a type of malware – or malicious software – designed to prevent users from accessing their files, data and systems until a ransom is paid. Cybercriminals perform this attack by infecting a user’s device with this specific form of malware that purposefully encrypts the data on their device. In return for the user to gain back access, they demand a ransom.

When a cybercriminal is performing a double extortion ransomware attack, they are not only attempting ransomware but also extorting the data beforehand. They leverage this to increase the ransom payment by threatening to use the stolen data against them.

How double extortion ransomware works

Here is a step-by-step explanation of how a cybercriminal performs a double extortion ransomware attack.

1. Hacker gains access to an organization’s system

Before a cybercriminal can perform a double extortion ransomware attack, they must successfully gain access to an organization’s system. Various methods can be used to gain access to an organization’s systems such as phishing attacks, stealing login credentials, a brute force attack or exploiting a vulnerability in software or a device’s operating system.

2. Hacker moves laterally throughout the network

After a cybercriminal enters into an organization’s system, they move laterally throughout the network to gain increased privileged access to sensitive information and data. While doing so, they’ll also look for ways to prevent themselves from being detected.

3. Hacker steals the organization’s data

Once the cybercriminal gains the privileges needed to steal data, they will remove the data from the device and move it outside the organization’s network.

4. Hacker encrypts data and executes ransomware

The cybercriminal will then hold the data hostage and execute the ransomware attack. The data will become encrypted, making it unreadable and inaccessible to the owner.

5. Victim is notified of the attack

As the ransomware attack occurs, the victim will be notified of the attack on their system through a Distributed Denial-of-Service attack (DDoS) in which the victim’s system becomes disrupted. The user will be given instructions to pay a ransom in exchange for their data back. The data should be returned if the ransom is paid, but sometimes cybercriminals still don’t give the data back. If the ransom isn’t paid at all, the data will either be leaked to the public, deleted or sold.

How to avoid double extortion ransomware attacks

It’s always a security best practice to implement prevention techniques for cyber attacks like ransomware. Here are five ways you can protect your organization from becoming a victim.

Adopt zero-trust security

Zero-trust security is a cybersecurity framework that eliminates implicit trust, requiring all users to be authenticated and authorized before gaining access to network systems. By implementing this strategy in your organization, administrators will have full visibility of who’s connected to the network. More visibility and verification greatly reduce the risk of successful cyber attacks.

Invest in a Privileged Access Management (PAM) solution

Privileged Access Management (PAM) is a cybersecurity solution designed to organize, manage and secure accounts with privileged credentials. Since users with privileged credentials have access to highly sensitive information and data, they become valuable targets to cybercriminals. A PAM solution helps reduce this cyber risk as it allows administrators to securely control access to an organization’s most privileged accounts.

Keep software and Operating Systems (OS) up to date

Updating your device’s software and operating system as soon as an update becomes available ensures that your device will be up to date with the latest security features. If you don’t install a software update, you are more vulnerable to cyber attacks because the security flaws on your device are not patched.

Regularly back up data

By constantly backing up your data, your organization is well protected against human error, hardware failure, data loss, viruses and hackers. For instance, if your organization becomes a victim of double extortion ransomware, having your data backed up can help with recovery and potentially avoid having to pay the ransom.

Train employees on how to spot common cyber threats

Start protecting your organization by educating your employees on common cyber threats targeting your industry. For example, train your employees on how to spot phishing scams by sending them simulated phishing emails throughout their employment.

Stay protected against double extortion ransomware attacks

Falling victim to double extortion ransomware is not only frightening but it could lead to serious consequences for your organization. Fortunately, it’s not impossible for organizations to defend themselves against these ransomware threats.

Start protecting your organization from ransomware by implementing Zero-Trust KeeperPAM® to strengthen the management of your privileged users. To learn more about how Zero-Trust KeeperPAM can protect your organization, request a demo today.

Source: Keeper