Double-extortion attacks are increasing: the attackers not only encrypt the data and extort a ransom, but also steal data that will be published if payment is not made. These attacks present companies with serious challenges and major financial risks.
More than half (57 percent) of the companies surveyed in Germany paid a ransom for encrypted data after a ransomware attack, according to figures from the latest Zero Labs Report. Only 24 percent of them were able to recover all data using the attackers' decryption tools after payment. Even more annoying: collecting a ransom once is no longer enough for most cybercriminals, which is why they rely on additional data exfiltration.
Attacked once, blackmailed twice
The “double” refers to the attackers demanding payment not only for decryption, but also for not publishing the previously stolen data. This increases the financial and psychological pressure significantly and makes these attacks very costly.
In order to better protect their data from double or even simple extortion, companies can reduce their attack surface.
Seven tips to protect yourself from Double Extortion Ransomware
- Make data security a top priority: The focus of cybersecurity is usually on infrastructure rather than data. Prioritizing infrastructure is important, but not sufficient. Data security must be a priority as part of a holistic cybersecurity strategy to effectively counter modern cyberattacks.
- Identify sensitive data: If all data is treated equally, sensitive data will not be evaluated correctly. Is it a Word file with non-sensitive data, or does it contain sensitive information such as customer payment details? Was a sensitive data record from a file also sent via email? Prioritizing data enables a more effective defensive posture.
- Identify access rights: Do or did only legitimate people and teams have access? Is there multi-factor authentication? The zero trust idea is recommended here. This assumes that all users, devices and applications may be compromised, requiring them to continually prove their legitimacy.
- Remove outdated data: If data has not been used for months or years, its relevance should be clarified. Old documents can be important, but they can also contain sensitive data. Unnecessary data should not be retained.
- Detect data movements: Attackers usually focus on one area and exfiltrate the data there before moving on. That's why it's important to have visibility into data movements and other irregular activities. If irregularities are detected early, damage to data or systems can be prevented. It is important to be able to monitor data movements across SaaS, cloud and on-premises in hybrid environments.
- Stay ahead of data growth: The amount of data grows every day, including sensitive data. Organizations should therefore track the extent of data growth in their on-premises, cloud and SaaS applications. What's important here: assess sensitive data within and between these areas and determine whether the data is moving in the right direction, for example through approved workflows.
- Name a data owner: Companies often do not know who is responsible for data monitoring and defining and enforcing data strategy because this role has not been established. A data owner takes on this role, continuously assesses the organization's risks and reports to management.
About Rubrik
Rubrik is a global cybersecurity provider and pioneer of Zero Trust Data Security™. Organizations around the world rely on Rubrik to ensure their business continuity and protection from cyberattacks and malicious insiders. The Rubrik Security Cloud solution secures data regardless of where it is actually located: on-premises, in the cloud or in a SaaS application.