{"id":2149,"date":"2022-03-01T00:52:50","date_gmt":"2022-03-01T07:52:50","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=2149"},"modified":"2022-03-01T00:52:53","modified_gmt":"2022-03-01T07:52:53","slug":"the-evolution-of-ransomware-multi-layer-extortion","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/01\/the-evolution-of-ransomware-multi-layer-extortion\/","title":{"rendered":"The Evolution of Ransomware: Multi-Layer Extortion"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><strong>What is Ransomware? <\/strong><\/h2>\n\n\n\n<p>Ransomware is a type of malware that prevents a user from accessing certain files until a ransom is paid. This is typically done via 2 types of ransomware:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Crypto Ransomware:<\/strong> Ransomware that replaces your device&#8217;s files with encrypted data<sup>[3]<\/sup><\/li><li><strong>Locker Ransomware:<\/strong> Ransomware that prevents you from logging into a device<sup>[3]<\/sup><\/li><\/ul>\n\n\n\n<p> Unfortunately, as time has gone on these methods have developed into something more malicious.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"703\" height=\"497\" data-src=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/03\/iStock-1022030450.jpg\" alt=\"\" class=\"wp-image-2197 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/03\/iStock-1022030450.jpg 703w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/03\/iStock-1022030450-300x212.jpg 300w\" data-sizes=\"(max-width: 703px) 100vw, 703px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 703px; --smush-placeholder-aspect-ratio: 703\/497;\" \/><figcaption>The above paragraph 
summed up as an infographic. (Source: <a rel=\"noreferrer noopener\" href=\"https:\/\/www.globalsign.com\/en\/blog\/ransomware-attacks-3-considerations-when-deciding-pay-or-not-pay-and-tips-prevention\" data-type=\"URL\" data-id=\"https:\/\/www.globalsign.com\/en\/blog\/ransomware-attacks-3-considerations-when-deciding-pay-or-not-pay-and-tips-prevention\" target=\"_blank\">globalsign.com<\/a>)<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is Multi-layer Extortion Ransomware?<\/strong><\/h2>\n\n\n\n<p>Multi-layer extortion ransomware relies on the methods described above but adds further layers of extortion, usually involving different stakeholders, both to get more money out of organizations and to give them multiple incentives to comply in the first place. There have been documented cases of double, triple and quadruple extortion ransomware.<\/p>\n\n\n\n<p>For double extortion, the second layer is typically a threat to reveal sensitive information. This technique was introduced by the Maze ransomware group in late 2019.<sup>[2]<\/sup><\/p>\n\n\n\n<p>Triple extortion builds upon double extortion by adding a DDoS attack as a third incentive to get companies to pay up. This technique was first seen from the Suncrypt and Ragnarlocker groups in the second half of 2020.<sup>[2]<\/sup><\/p>\n\n\n\n<p>Although not as popular (for now), quadruple extortion ransomware exists as well. On top of the extortion methods used in triple extortion ransomware, quadruple extortion adds direct outreach to customers and stakeholders of the attacked organization. 
For example, the ransomware group Clop emailed customers, warning them that their information tied to the target organization would be posted on a website and that they should contact the organization.<sup>[2]<\/sup><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"500\" height=\"500\" data-src=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/Figure-1-ransomware-extortion-levels_v3kmj6epX.jpg\" alt=\"\" class=\"wp-image-2171 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/Figure-1-ransomware-extortion-levels_v3kmj6epX.jpg 500w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/Figure-1-ransomware-extortion-levels_v3kmj6epX-300x300.jpg 300w, https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/Figure-1-ransomware-extortion-levels_v3kmj6epX-150x150.jpg 150w\" data-sizes=\"(max-width: 500px) 100vw, 500px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 500px; --smush-placeholder-aspect-ratio: 500\/500;\" \/><figcaption>A detailed overview of multi-layer extortion ransomware. 
(Source: <a rel=\"noreferrer noopener\" href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-double-extortion-and-beyond-revil-clop-and-conti\" data-type=\"URL\" data-id=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-double-extortion-and-beyond-revil-clop-and-conti\" target=\"_blank\">TrendMicro.com<\/a>) <\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Who is Venafi and What Was Their Survey About?<\/strong><\/h2>\n\n\n\n<p>Venafi is a cyber security company that recently conducted a survey on organizations to gain metrics on the current state of ransomware attacks. They found the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>83% of successful ransomware attacks in the last year were double\/triple extortion ransomware attacks<sup>[1]<\/sup><\/li><li>38% of organizations attacked with ransomware received threats to extort customers using stolen customer data<sup>[1]<\/sup><\/li><li>35% of organizations attacked with ransomware received threats to expose their data on the dark web<sup>[1]<\/sup><\/li><li>32% of organizations attacked with ransomware received threats of telling customers that their data was stolen<sup>[1]<\/sup><\/li><\/ul>\n\n\n\n<p>The above is quite unsettling when combined with other metrics in the survey suggesting that ransomware attacks are getting more aggressive and that companies are not guaranteed to get their data back after paying.<sup>[1]<\/sup><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"170\" height=\"170\" data-src=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/pgpkjrf5gv5o4p0rwhmx.png\" alt=\"\" class=\"wp-image-2177 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/pgpkjrf5gv5o4p0rwhmx.png 170w, 
https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/02\/pgpkjrf5gv5o4p0rwhmx-150x150.png 150w\" data-sizes=\"(max-width: 170px) 100vw, 170px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 170px; --smush-placeholder-aspect-ratio: 170\/170;\" \/><figcaption>Venafi Logo. Venafi specializes in protecting machine identities and is located in Salt Lake City, Utah. (Source: <a rel=\"noreferrer noopener\" href=\"https:\/\/www.crunchbase.com\/organization\/venafi\" data-type=\"URL\" data-id=\"https:\/\/www.crunchbase.com\/organization\/venafi\" target=\"_blank\">Crunchbase.com<\/a>)<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to Handle Double\/Triple Extortion Moving Forwards?<\/strong><\/h2>\n\n\n\n<p>Respondents in Venafi&#8217;s survey had the following to say regarding how extortion threats could be handled moving forwards:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>67% of respondents agree that publicly reporting ransomware attacks will slow down attackers<sup>[1]<\/sup><\/li><li>74% of respondents agree that ransomware should be treated as a matter of national security<sup>[1]<\/sup><\/li><li>77% feel governments should provide more help to private companies to defend themselves from ransomware moving forwards<sup>[1]<\/sup><\/li><li>76% agree that going forwards, companies and governments need to work closer together to fight the threat of ransomware<sup>[1]<\/sup><\/li><\/ul>\n\n\n\n<p>These findings suggest that organizations see transparency regarding attacks and stronger government intervention as avenues to explore in the future. However, until these changes are made, the best we have are guides for single-layered ransomware attacks. 
The Canadian Centre for Cyber Security has provided this <a rel=\"noreferrer noopener\" href=\"https:\/\/cyber.gc.ca\/en\/guidance\/ransomware-how-prevent-and-recover-itsap00099\" data-type=\"URL\" data-id=\"https:\/\/cyber.gc.ca\/en\/guidance\/ransomware-how-prevent-and-recover-itsap00099\" target=\"_blank\">guide<\/a> for handling ransomware attacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p>It seems that as technology becomes more advanced, we develop new and novel cybersecurity mechanisms. However, these mechanisms are always playing catch-up to the evolving landscape of cybercrime. Most recently, double\/triple extortion in ransomware attacks has gained traction over the last couple of years, and the survey from Venafi has verified the efficacy of these attacks. I feel the rate of double\/triple extortion ransomware will continue to increase, if not move to quadruple extortion, moving forwards.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">References<\/h2>\n\n\n\n<ol class=\"wp-block-list\"><li>https:\/\/www.venafi.com\/blog\/venafi-survey-ransomware-evolves-double-and-triple-extortion-now-features-over-80-ransom<\/li><li>https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-double-extortion-and-beyond-revil-clop-and-conti<\/li><li>https:\/\/cyber.gc.ca\/en\/guidance\/ransomware-how-prevent-and-recover-itsap00099<\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"<p>What is Ransomware? Ransomware is a type of malware that prevents a user from accessing certain files until a ransom is paid. 
This is typically done via 2 types of ransomware: Crypto Ransomware: Ransomware that replaces your device&#8217;s files with encrypted data[3] Locker Ransomware: Ransomware that prevents you from logging into a device[3] Unfortunately, as &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/01\/the-evolution-of-ransomware-multi-layer-extortion\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;The Evolution of Ransomware: Multi-Layer Extortion&#8221;<\/span><\/a><\/p>\n","protected":false},"author":371,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[16],"class_list":["post-2149","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","tag-cpsc329","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Nathan 
Bhandari","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/nathan-bhandari\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2149","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/371"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=2149"}],"version-history":[{"count":42,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2149\/revisions"}],"predecessor-version":[{"id":2210,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2149\/revisions\/2210"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=2149"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=2149"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=2149"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}