Ransomware attacks have been a significant issue for organizations in recent years as more and more malware gangs become adept at extracting money, usually in the form of cryptocurrencies, from businesses.
New research from Venafi shows us how ransomware is evolving over time to become more sophisticated and, crucially, harder to mitigate.
According to its survey of 600 IT workers across the US, UK, France, and Germany, attacks are increasingly using new threats to scare organisations into complying.
Double extortion
The study found 83% of successful ransomware attacks now include alternative extortion methods to try and squeeze money out of their victims.
This includes 38% of ransomware attacks using stolen data to extort customers, 35% threaten to expose data on the dark web, and 32% inform customers their data has been stolen, relying on the implicit threat contained within.
Worryingly, 18% of those who paid the ransomware demands still had their data exposed on the dark web. Only 8% refused to pay the ransom and faced the consequences – and a stunning 35% of victims who paid were still unable to access their data.
“Ransomware attacks have become much more dangerous. They have evolved beyond basic security defenses and business continuity techniques like next-gen antivirus and backups,” said Kevin Bocek, vice president of business development and threat intelligence at Venafi.
“Organizations are unprepared to defend against ransomware that exfiltrates data, so they pay the ransom, but this only motivates attackers to seek more. The bad news is that attackers are following through on extortion threats, even after the ransom has been paid! This means CISOs are under much more pressure because a successful attack is much more likely to create a full-scale service disruption that affects customers.”
On the rise
Ransomware has been a menace for companies for several years but the increase in value of cryptocurrencies, the main vector through which attackers get paid, seems to only have increased the devastating practice.
The study found nearly three-quarters (72%) of those surveyed agreeing ransomware attacks are evolving faster than the security controls needed to protect against them.
As a result, 76% of companies said they planned to spend more in 2022 on ransomware-specific controls due to the threat of double and triple extortion.
Such attacks lock up internal IT systems and then extort organisations into giving them large quantities of currency to return data and control.
A recent example came from the REvil gang, which at one point was dominating the global ransomware scene. The risks are clear, however: REvil was taken off-line by a multinational law enforcement effort.
