How to Protect Your Organization?

Triple Extortion Ransomware

Ransomware strikes businesses every 11 seconds. The ransomware attack volume is already at record levels, but we’re hearing it’s only getting worse.  

As some victims managed to take precautions and refused to pay the ransom, attackers began to add more layers to their attacks. 

Double extortion ransomware became a common tactic in 2021. But in 2022, the attackers presented an innovation in their attacking technique called triple extortion. 

What is triple extortion ransomware attack, and how to protect your business? Read on to find out. 


What is Double extortion ransomware?

It is becoming increasingly common for attackers to use ransomware to extort money from businesses and individuals. This type of cybercrime is called “double extortion.”

Here the criminals encrypt the victim’s data and threaten to release it publicly if a ransom is not paid. 

As soon as the attacker exfiltrates the data they wish to leverage, they launch the encryption attack. Next, the attacker threatens to expose the data, possibly selling personal data about customers. 

In most cases, even organizations that have paid the ransom have found their data to be leaked. 

In September 2022, SunCrypt ransomware used DDoS as an additional attack layer. Attackers threaten to overwhelm the victim’s server with traffic if the ransom is not paid. 

Malicious actors like Avaddon and REvil soon started to follow the same tactic.   Adding DDoS extortion attacks is expected to continue, given the increased use of IoT devices and the surge in bitcoins. 

What is Triple Extortion Ransomware Attack?

In triple extortion, attackers demand payment from the company that was initially compromised and those whose information was stolen.

The first case of triple extortion was observed when Vastaamo, a Finland-based psychotherapy clinic, was breached. Even after the clinic paid the ransom, attackers threatened the therapy patients with releasing their session notes.

Another instance of triple extortion occurred last year when the attacker targeted Apple after their first victim, hardware supplier Quanta, refused to pay. 

In this case, criminals proved they could compromise key suppliers if they gained leverage over the initial victim.

Remember, such an assault can cause irreparable damage to the reputation of any company, regardless of the industry.

Leading Causes of Double and Triple Extortions

The main factors that contribute to the increase in double and triple extortions include:

  • The proliferation of ransomware-as-a-service (RaaS) platforms has made it easier for attackers to launch these attacks. 
  • Using cryptocurrency has made it more difficult for law enforcement to trace and track payments. 
  • The emergence of new ransomware strains specifically designed for double and triple extortions. 

Who is vulnerable to Triple extortion ransomware?

Attackers targets companies with inadequate cybersecurity solutions and less mature security teams. They also prey on companies that can pay the ransom demands.

The most obvious targets for ransomware operations are companies and organizations that store client or customer data.  

Whenever a corporation owns or controls important data or is connected to one, they risk triple extortion. 

How to prevent triple extortion ransomware attacks?

Many ransomware attacks remain undetected and unreported until they reach the domain controller. A detection-centric approach will only warn businesses of attacks that are already underway. The most effective course of action is prevention. 

Here are effective ways to prepare against triple extortion attacks:

Keep your network secure

Double extortion ransomware uses the same methods to access your network as traditional ransomware. To prevent initial access to a network, train employees on security awareness, establish password policies and implement multi-factor authentication. 

Run vulnerability assessments and patch known vulnerabilities regularly to avoid compromise. 

Back up Data

If an attacker infiltrates your network, an offline backup can protect you from the first part of a ransomware attack: data recovery. 

Furthermore, encrypt your data to prevent a double extortion attack. It ensures that, if stolen, the ransomware group cannot read it.

Cyber Threat Intelligence

Threat Intelligence is a key pillar in the cyber security stack. Gathering information related to cyber threats provides insights into threat actors and methodologies that could impact your business. 

Stay ahead of the latest threat intelligence to detect and analyze threats. Hunt for signs of compromise that lead to a ransomware attack. 

Proper DDoS Protection

The DDoS attack is now on the list of services the RaaS operator offers. You should protect your company’s network and server with a DDoS security solution. It tracks the incoming traffic, identifies the malicious requests, and diverts them away from your network and server. 

With sophisticated techniques, attackers are dispersing their DDoS attacks. Indusface offers DDoS protection solutions, enabling you to customize mitigation thresholds to isolate and block attacks. 


Cybercriminals continue to evolve their attack techniques; you can’t fall behind and expose your assets. 

If you are at risk of a triple extortion attack, paying the ransom is not the way out. Focus on preventing and mitigating attacks as they happen. 

The best solution would be to prevent the attack from happening in the first place. A comprehensive ransomware resilience plan is essential for preparation, prevention, and response.

Source link