
Check Point discovers new double extortion ransomware tactic

21 Apr 2020
Shannon Williams

A new "double extortion" ransomware tactic has been discovered by Check Point, in which threat actors add an additional stage to a ransomware attack.

Prior to encrypting a victim’s database, hackers will extract large quantities of sensitive information and threaten to publish it unless ransom demands are paid, placing more pressure on victims to meet the demands of threat actors, according to Check Point.

To prove the validity of the threat, threat actors leak a small portion of the sensitive information to the dark web, signalling that more will follow if the ransom goes unpaid.

The “Double Extortion” Process

1. Threat actor gains entry into a victim’s network

2. Threat actor extracts sensitive data, such as customer details, financial and employee details, patient records, and more

3. Threat actor encrypts the files and demands ransom from victim

4. Threat actor threatens leak of gathered sensitive data

5. To prove validity of threat, threat actor leaks small portion of extracted information to dark web

The first published case of double extortion took place in November 2019 and involved Allied Universal, a large American security staffing company, Check Point says.

"When the victims refused to pay a ransom of 300 Bitcoins (approximately US$2.3 million), attackers, who used ‘Maze’ ransomware, threatened to use sensitive information extracted from Allied Universal’s systems, as well as stolen email and domain name certificates, for a spam campaign impersonating Allied Universal," it explains.

To prove their point, the attackers published a sample of the stolen files including contracts, medical records, encryption certificates and more. In a later post on a Russian hacking forum, the attackers included a link to what they claimed to be 10% of the stolen information as well as a new ransom demand that was 50% higher.

Maze has since published the details of dozens of companies, law firms, medical service providers and insurance companies who have not given in to their demands. It is estimated that many other companies avoided publication of their sensitive data by paying the ransom demanded.

Check Point says other cybercriminal groups have followed the new double extortion tactic, opening their own sites to publish and leak stolen information as a means to apply additional pressure on their victims to pay ransom. 

Attackers utilising Sodinokibi ransomware (aka REvil) published details of their attacks on 13 targets, as well as proprietary company information stolen from the targeted organisations. The National Eating Disorders Association was the last in the list of victim organisations.

Other ransomware families that have joined the trend include Clop, Nemty, DoppelPaymer and more. Information published on these sites was soon found to be offered for sale by the ransomware group itself or by other criminals who collected the data from the dumpsites.

“Double Extortion is a clear and growing ransomware attack trend. We saw a lot of this during Q1 2020. With this tactic, threat actors corner their victims even further by dripping sensitive information into the darkest places in the web to add weight to their ransom demands,” says Check Point’s manager of threat intelligence, Lotem Finkelsteen. 

“We’re especially worried about hospitals having to face this threat. With their focus on coronavirus patients, addressing a double extortion ransomware attack would be very difficult. We’re issuing a caution to hospitals and large organisations, urging them to back up their data and educate their staff about the risks of malware-spiked emails.”

Ransomware attacks have affected more than 1,000 health care organisations in the United States alone since 2016, with costs totalling more than $157 million, according to a recent analysis. In 2017, dozens of British hospitals and surgeries were affected by ransomware known as WannaCry, which resulted in thousands of cancelled appointments and the closing of some accident and emergency departments. In 2019, several U.S. hospitals had to turn away patients after another spate of ransomware attacks.

Check Point says that in the ongoing fight against constantly evolving ransomware tactics, the best defence is to avoid becoming a victim in the first place.

Check Point's best practices to help avoid being a ransomware victim:

1. Back Up Your Data and Files

It’s vital that you consistently back up your important files, preferably using air-gapped storage. Enable automatic backups, if possible, for your employees, so you don’t have to rely on them to remember to execute regular backups on their own.

2. Educate Employees to Recognise Potential Threats

The most common infection methods used in ransomware campaigns are still spam and phishing emails. Often, user awareness can prevent an attack before it occurs. Take the time to educate your users, and ensure that if they see something unusual, they report it to security teams immediately.

3. Limit Access to Those That Need It

To minimise the potential impact of a successful ransomware attack against your organisation, ensure that users only have access to the information and resources required to execute their jobs. Taking this step significantly reduces the possibility of a ransomware attack moving laterally throughout your network. Addressing a ransomware attack on one user system may be a hassle, but the implications of a network-wide attack are dramatically greater.

4. Keep Signature-Based Protections Up-To-Date

While signature-based protections alone are not sufficient to detect and prevent sophisticated ransomware attacks designed to evade traditional protections, they are an important component of a comprehensive security posture. Up-to-date antivirus protections can safeguard your organisation against known malware that has been seen before and has an existing and recognised signature.

5. Implement Multi-Layered Security, Including Advanced Threat Prevention Technologies

In addition to traditional, signature-based protections like antivirus and IPS, organisations need to incorporate additional layers to protect against new, unknown malware that has no known signature. Two key components to consider are threat extraction (file sanitisation) and threat emulation (advanced sandboxing). Each element provides distinct protection and, when used together, they offer a comprehensive solution for protection against unknown malware at the network level and directly on endpoint devices.

 
