Double-Extortion Ransomware Attacks Surged in 2020

Double-extortion ransomware attacks exploded in 2020, according to F-Secure’s Attack Landscape Update report.

The tactic involves threat actors stealing data from organizations in addition to encrypting files. This means that, as well as demanding a ransom to decrypt data, attackers can later threaten to leak the stolen information if an additional payment is not made.

The researchers observed that by the end of 2020, 15 different ransomware families had used this double-extortion approach, which compares to just one in 2019. Additionally, it was found that nearly 40% of ransomware families discovered last year utilized this ransomware method.

Commenting on this trend, Calvin Gan, a senior manager with F-Secure’s Tactical Defense Unit, explained: “Organizations with reliable backups and effective restoration procedures are in a strong position to recover from a ransomware attack without having to pay. However, managing a potential data leak is a dramatically different challenge, especially for organizations that possess confidential information.

“Ransomware actors, current and future, will likely feel emboldened to try new things and jump on vulnerabilities faster, which we’re already seeing with the recent MS Exchange vulnerabilities.”

The study also outlined a number of other significant cybersecurity trends that took place in 2020. There was a tripling in the use of Excel formulas to obfuscate malicious code in the second half of 2020. In regard to phishing attacks, the most popular brand spoofed in emails was Outlook, followed by Facebook Inc. and Office365, while web hosting services made up nearly three-quarters of domains used to host phishing pages.

In a retrospective analysis of notable supply chain attacks from the last 10 years, F Secure high ..

Support the originator by clicking the read the rest link below.