Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

Double Extortion Ransomware: What It Is and How to Respond

New attack methods in the cybersecurity landscape continue to emerge in the digitally driven world. One type of attack—double extortion ransomware—made headlines in 2020 and poses a serious risk for businesses with valuable or sensitive data. 

What is Double Extortion Ransomware? 

Some background on traditional ransomware is crucial to understanding double extortion. Ransomware is a type of software designed to restrict access to a computer system until the user agrees to make a ransom payment.

Cybercriminals use encryption to block users from accessing their sensitive data until they pay the ransom, which is often a hefty one. It might seem like making a one-off payment is worth it to retrieve information, but there are rippling consequences organizations deal with post-attack. Double extortion ransomware, as its name suggests, is very similar to standard ransomware, except it takes the attack to the next level, upping the ante for users. 

In double extortion, cybercriminals encrypt sensitive user data and also threaten to publish it on the dark web, sell it to the highest bidder, or permanently restrict access if the ransom is unpaid by a deadline. The leak threat is what sets this attack apart: organizations can often recover lost information from previous backups, but it is much more difficult to stop sensitive data from being leaked once the attackers hold a copy of it.

Who is Susceptible to Double Extortion Ransomware Attacks? 

Virtually anyone can become a victim of a double extortion ransomware attack. As more data is generated worldwide, threat actors will use any means necessary to make a profit. Therefore, everyone should be on the lookout for a potential double extortion attack, especially as these attacks increase in frequency and intensity.

Organizations with highly sensitive or valuable information should be even more vigilant. Since cybercriminals threaten to publish this data, sell it to the highest bidder, or destroy it, susceptible businesses often suffer far-reaching implications.

Here are some of the common industries working with sensitive data that should identify double extortion ransomware as a serious threat: 

  • Government
  • Healthcare
  • Education
  • Critical infrastructure
  • Finance and banking
  • Cryptocurrency 

Other industries should acknowledge the risk of double extortion if they work with highly valuable or sensitive data. 

Preventing and Responding to Double Extortion Ransomware Attacks

The ultimate goal is for companies to prevent all double extortion ransomware attacks. However, that goal is not always achievable. These attacks are increasingly common, meaning they can negatively affect any business. Follow these response recommendations from the Cybersecurity and Infrastructure Security Agency (CISA) if a double extortion ransomware attack impacts your company: 

  • Determine which systems were affected by the attack and isolate them.
  • Power down systems to prevent further damage from ransomware infections.
  • Triage impacted systems and implement your information technology (IT) department’s incident response and recovery plans.
  • Document an understanding of the attack, the ransom demands, and how to move forward.
  • Engage internal and external teams, stakeholders, and customers to adopt a spirit of transparency and mitigate further issues. 

These basic suggestions will not help you decide whether or not to pay a ransom, but they should guide you on what to do if an attack occurs. Awareness of emerging cybersecurity risks grows as new best practices come into the spotlight. Thankfully, organizations can protect themselves from double extortion.

Leverage Comprehensive Cybersecurity Tools 

Ransomware attacks are increasing daily, so organizations must leverage all the cybersecurity tools available to protect themselves. Many companies are making digital transformations, so now is the time to ensure all data is protected and as secure as possible. Companies can use several top vulnerability management tools with critical cybersecurity features to fend off cybercriminals. Some of those features include: 

  • Penetration testing
  • Endpoint protection
  • Proof-based scanning
  • Vulnerability detection
  • Compliance processes 

Using the best cybersecurity tools and practices allows organizations to remediate vulnerabilities and other security weaknesses that cybercriminals could exploit. 

Use Data Encryption, Backups, and Prioritize Employee Training 

Data loss is something no company wants, but it can happen as a result of a cybersecurity incident. Organizations should use data encryption tools to protect their highly sensitive information. Encryption is a surefire way to manage double extortion risks and prevent unauthorized access to data by threat actors, as long as the decryption keys are stored and protected separately from the data.

It’s also vital to prioritize employee security training to prevent double extortion attacks. The average worker could become an easy target for threat actors, as they might lack the knowledge to avoid potential attacks. Mandated cybersecurity training for all employees is crucial to a company’s overall security strategy. Plenty of free resources are available online to help people learn about threats. Use free or low-cost learning tools to educate departments about fending off attacks. 

Defend Against Double Extortion Ransomware Threats 

Ransomware is a well-documented, common threat many businesses can defend themselves against. However, cybercriminals are becoming increasingly sophisticated, whether using the latest technology to launch attacks or targeting high-value organizations. Double extortion ransomware threats are serious risks companies must be aware of in today’s evolving cybersecurity landscape. Follow these recovery tips and prevention strategies to protect your organization.

Zac Amos
Zac Amos is the Features Editor at ReHack, where he covers trending tech news in cybersecurity and artificial intelligence. For more of his work, follow him on Twitter or LinkedIn.

Zac Amos Jan 17, 2023 5:30:00 AM
