According to a recent study by RUSI, there were 1,200 double extortion ransomware incidents in 2020 alone, across 63 different countries. There were 1,200 double extortion ransomware incidents in 2020, across 63 countries, with over 60% of these aimed at the US and the UK.ĭespite new legislation being written regularly to try and mitigate these attacks, they aren’t slowing down. Other strains soon followed, with the Sodinokibi attack - which crippled foreign exchange company Travelex - occurring on the final day of that year.īy mid-2020, hundreds of organizations were falling victim to double extortion attacks, various websites on the dark net were leaking company data, and the Ransomware-as-a-Service business was booming as developers sold and rented new types of malware.įurthermore, cyber security regulations started being weaponized by cyber-criminals who could leverage the threat of having to pay a hefty compliance fine (CCPA, GDPR, NYSDFS regulations) to encourage their victims to keep quiet by offering them a ransom smaller than the penalty fee. In late 2019, Maze ransomware emerged as the first high-profile case of double extortion. Suddenly, all those backups and data recovery plans became worthless. This means that if the company refuses to pay up, information can be leaked online or sold to the highest bidder. Now, rather than just encrypting files, double extortion ransomware exfiltrates the data first. Yet in turn, cyber-criminals have also adapted their techniques. More emphasis was placed on backups and restoration processes, so that even if files were destroyed, organizations had copies in place and could easily restore their data. However, after the infamous WannaCry and NotPetya ransomware campaigns over 2017, companies ramped up their cyber defense.
#Whats extortion code#
The traditional story of ransomware was one of malicious code rapidly encrypting files with public-key RSA encryption, and then deleting those files if the victim did not pay the ransom.
So, what is it, and why has it become so popular? What is double extortion ransomware? Now, over 16 ransomware groups actively utilize this tactic.
A year and a half ago, ‘double extortion’ ransomware was being used by only one known threat actor.