Double Extortion Ransom Attacks: What is it and what can I do to prevent it?

Due to the increased use of technology ransomware attacks have steadily been on the rise. The attacks can compromise your device or server and they will request a large payment to be sent to them before they will restore your device or server. They will hold your data for ransom at an average of $1 million dollars in total costs each time.

Since ransomware attacks have become more common, the types of techniques have also increased. There is one type, double extortion, that has the potential to impact all organizations across a specific industry. This technique is similar to a typical ransomware attack but the victim must pay the ransom to restore their technology and data and also pay more to ensure the data doesn’t get shared publicly online. Double extortion can be extremely worrisome because these attacks can cause more pressure on an organization and force them to pay the ransom more often to protect their data.

Double extortion attacks start out similarly to other ransomware attacks by the cybercriminal gaining access to the victim’s device or server, they can do this with phishing scams, nonsecure websites, or corrupted attachments. Once they have gained access they are able to compromise the technology and encrypt data that is stored on it.  Next, the cybercriminal will make their demand of how much ransom they want and give them details about what will happen if they don’t comply.

Healthcare facilities, financial institutions, large retail businesses, and government organizations are more likely a target of this type of attack because they store a significant amount of sensitive data. Since most organizations like this understand the risk of losing sensitive data they typically store it in more than one place, but they still can’t risk having that data shared because their reputation could suffer, they would likely pay fines, and have class action lawsuits brought against them.

The true problem with this type of attack is even if you do pay the ransom, the cybercriminal could still share the data or even sell it to other attackers for future attacks. There is no way to guarantee that when you do what they ask they will comply with their end of the bargain.

Since this risk is so high it’s more important than ever to keep your data protected and prevent ransomware attacks. Most organizations now will conduct training about how to detect it and implement policies to ensure employees aren’t on nonsecure websites but until the employees truly understand the importance of the issue many won’t take it seriously.

The best thing you and your organization can do right now is to implement a cyber incident response plan. The plan must explain in detail different ransomware and double extortion attacks and have step-by-step details on how employees should react to limit the amount of damage that is caused.

Finally, and what Insgroup can do to help you and your business arms you with the appropriate insurance coverage. Having a dedicated cyber insurance policy is crucial in order to provide you with the support and resources that you’ll need if/when an attack occurs. For any additional risk management tools or solutions please reach out to your local Insgroup Risk Advisor today.