Cyberattacks are a terrifying, and increasingly common, fact of life. Bad actors damaging your company’s system is bad enough, but ransomware takes cybercrime several steps further. Ransomware is malicious code that encrypts a victim’s data and holds it hostage until a ransom is paid. Several high-profile companies have recently taken serious hits — and paid some serious money to recover their data. And now, to combat backup file restoration, cybercriminals are doubling down on their destruction with two new tactics: double extortion and double encryption.
Double extortion
Double extortion is deployed by hackers to get around backup files as a defense against ransomware. Backups render cyberattacks useless and paying a ransom redundant. Double extortion is also used to force multiple ransom payments. How does it work?
- Ransomware finds a weak point in your company’s system.
- Files are exfiltrated and encrypted.
- A ransom demand is issued, complete with deadline and threats to release sensitive data if the ransom is not paid.
- Ransom is paid — or not. Either way, data decryption may not be available. Black hat hackers don’t offer guarantees.
- Ransom is then demanded from individuals or other companies whose data was accessed through the original attack on your network.
Double encryption
Double encryption is another malignant line of attack employed by cybercriminals to extort multiple ransom payments from the same source. Rather than simply threatening to release data, double encryption places multiple layers of encryption on your company’s files. Victims pay the ransom and decrypt their files, only to find another layer of encryption. The culprits can then demand another ransom payment for the same data. And there’s no guarantee the second ransom payment will be any more effective than the first.
Double encryption is particularly nasty when combined with double extortion. Ransom is repeatedly paid, data remains inaccessible, and the hackers capitalize on your fear of a data release to prevent you from refusing payment. With large, multinational corporations holding the data of countless outside users, a huge loss of revenue is almost inevitable.
Prevention and protection
Fighting ransomware is a multifront war. A proactive approach is best for protecting your company — and customer — data. Guarding systems from ransomware is easier said than done, but there are steps you should take to shift the odds in your favor.
First, train your employees in basic cybersecurity. Everyone should know not to open strange emails, click on suspicious links, or plug in unknown USBs. Implement a “work computers for work” policy to limit your company’s exposure, and require frequent password changes to manage secure access.
Install anti-malware software immediately, and update it regularly. Automating your cybersecurity detection and defense efforts is more effective and more reliable than manual countermeasures. Anti-malware software has scan and alert features to monitor your systems for any sign of a breach and improve your ability to respond quickly and effectively.
Finally, with the holiday season approaching, prepare your employees for the online shopping surge. Holiday shopping season is primetime for malicious hackers. Reinforce your company’s rules about personal activity on work computers, and if you haven’t already implemented multifactor authentication to secure access to your systems — by employees and customers — now is the time.
Multifactor authentication is a secure login method requiring multiple verification steps. When employees enter a password, they are prompted to verify their identity with a code sent via phone or email. New cybersecurity features may even use facial recognition or fingerprint verification. Multifactor authentication is essential for any system holding — or granting access to — sensitive data. If your employees ever work from home, or access company systems from any network you can’t secure, multifactor authentication is a minimum requirement for protecting company data.
Ransomware is not new, but recent attacks are more advanced as cybercriminals develop workarounds to cybersecurity protections and more destructive methods of attack. Double extortion and double encryption are just the latest in a long line of cybercriminal tactics. Prevention remains your company’s best protection.