Double Encryption: When Ransomware Recovery Gets Complicated




Ever hear of double extortion? It’s a technique increasingly employed by ransomware attackers. A malware payload steals a victim’s plaintext information before launching its encryption routine. Those operating the ransomware then go on to demand two ransoms — one for a decryption utility and the other for the deletion of the victim’s stolen information from their servers. In doing so, ransomware actors hope to trap all their victims into paying up. Backups can help to negate the need for a decryption utility, the logic goes, but they mean next to nothing in the aftermath of data theft. Take a look at how to defend against double extortion and double encryption as attackers double down.


Double Extortion: A Means to an End for Ransomware Attackers


What makes double extortion so useful is that it is a means to an end, not an end unto itself. Just look at what ransomware actors have done with double extortion since its inception in 2019.


Some have decided to create new attack infrastructure. Take the Maze crew, for example. This group of attackers created its own data leaks website for publishing the data of victims who refused to pay. The group also formed a cartel with other ransomware gangs, an arrangement that featured shared use of its data leaks website as a central benefit. (Attackers’ experience of using Maze’s double encryption apparatus also helped other actors like the LockBit crew to register their own website.)


Others have elected to weaponize double extortion for the sake of repeat ransom demands. All this requi ..
