Rapid7 report examines the use of double extortion ransomware attacks

New insights into how attackers think when carrying out cyberattacks, as well as deeper analysis of the disclosure layer of double extortion ransomware attacks, have been revealed.

Rapid7’s “Ransomware Data Disclosure Trends” report draws on proprietary data collected from the surface, deep and dark web to characterize the types of data attackers leak to coerce victims into paying a ransom.

The researchers then examined the double extortion tactic in detail. Popularized by the Maze ransomware group, the method goes beyond holding encrypted data hostage for payment: the threat actors also exfiltrate the data and threaten to leak it, either publicly or for sale on dark web sites, to extract additional money from victim companies.

The company says threats and attacks of this kind have caused billions in losses across almost every industry in the world and have disrupted critical infrastructure such as healthcare services, often putting lives at risk.

Using proprietary data collection tools to analyze the disclosure layer of double extortion ransomware attacks, Rapid7’s researchers identified the types of data attackers initially disclose to pressure victims into paying ransoms.

The most pronounced patterns were seen in the pharmaceutical, financial services and healthcare sectors.

Financial data was disclosed most often (63% of disclosures), followed by customer/patient data (48%). In the healthcare and pharmaceutical sectors specifically, internal financial data was disclosed 71% of the time, more than in any other industry, and customer/patient data appeared in 58% of disclosures across the two combined industries.

Although now defunct, the Maze ransomware group was responsible for 30% of these attacks in the dataset, with the Conti and REvil/Sodinokibi groups picking up much of its share after Maze disappeared in 2020.

The top five groups in 2021 accounted for just 56% of all attacks, with a variety of smaller, lesser-known groups responsible for the remainder.

The report concludes with a set of recommendations companies can follow to protect themselves in the long term and reduce their exposure to double extortion:

  • Go beyond data backups, which do nothing to prevent a leak of exfiltrated data, and add strong encryption of sensitive data at rest and network segmentation to limit what an intruder can reach and exfiltrate.
  • Prioritize additional protection for the categories of data that threat actors target in your industry, since those are the data types whose disclosure is most damaging.
  • Recognize that certain industries will be targeted for certain types of leaks, and make sure customers, partners and employees understand and prepare for the increased risk of disclosure of those data types.
