What Is Double Extortion Ransomware?
The Origins of Double Extortion Ransomware
Ransomware has been around in some form for decades, beginning with the 1989 AIDS trojan, or PC Cyborg virus. Distributed via floppy disks, the AIDS trojan directed its victims to mail $189 to a post office box in Panama to regain access to their systems.
More than 30 years later, the advent of cryptocurrencies has made tracking payments more difficult for law enforcement, but cybersecurity teams have improved their backup and security policies to aid in decryption. In 2019, a criminal organization called TA2102 used the Maze ransomware to perpetrate the first high-profile double extortion ransomware attack when it infiltrated security staffing company Allied Universal.
Instead of simply encrypting the firm’s data, TA2102 exfiltrated it and threatened to publish the stolen information online unless Allied paid a ransom of US$2.3 million in bitcoin. This meant that even if Allied had been able to restore their network and data, they would still suffer a severe data breach unless they paid up.
Since then, double extortion ransomware incidents have become more popular and complex. In 2020 alone, at least 15 ransomware families using the technique perpetrated 1,200 incidents, resulting in many high-visibility data leaks.
In addition, ransomware attacks in general have become larger, more frequent, and easier to perpetrate. Affiliate networks can now purchase ransomware as a service (RaaS) over the dark web and use high-impact techniques, such as exploiting vulnerabilities in the software supply chain, to maximize their returns.