Advancement Of Ransomware Operators: Quadruple Extortion!!

In our earlier article, we had covered how Hackers are atleast six steps advanced than defense team, further elaborating, as if  “double extortion ransomware attacks weren’t disturbing enough, Hackers have multiplied this now & have come out with “Quadruple Extortion”. Time to buckle up to address this!

Concept of Double Extortion: With double extortion, which became increasingly popular last year, attackers first encrypt data and demand victims pay a ransom to regain access to compromised systems. But then, they also steal that data and threaten to publicly release sensitive information and IP if the organization doesn’t pay up.

Now with rapid advancement, they have upskilled & devised a new method, which further devastating with the concept of “Quadruple Extortion”

Concept of Quadruple Extortion: Quadruple extortion takes things two steps further. After the encryption and data exfiltration, the ransomware gang launches a denial-of-service attack that shuts down the victim’s public websites. And for step four — harassment — the criminals contact the organization’s customers, business partners, employees, and the media to let them know about the hack. “

As a matter of fact Implications of Ransomware Crisis and new TTPs (Tactics, Techniques & Procedures) were discussed very extensively during recently concluded this year’s “BlackHat” edition.

As per VMWare’s 2021 Global Incident Response Threat Report found the severity of attacks thus far this year has skyrocketed, with destructive and zero-day attacks occurring 51% of the time, attackers deploying custom malware 52% of the time, and counter incident response occurring 61% of the time.

“You’re dealing with an adversary that refuses to leave the environment,” he added. “They are doing everything from wiping logs to undermining the efficacy of security controls to disabling those controls to all the way to the manipulation of time stamps.” In fact, VMware found that attackers manipulated time stamps in 58% of breaches. This is especially effective because it makes it more difficult for security teams to detect these attacks, and it also undermines the confidence that teams have in the data sets.

In a very interesting note, Accenture had very recently highlighted new ransomware trends as cybercriminals use more aggressive tactics to force victims to pay up. “The patterns have changed, and 2021 is looking very different from previous years,” said Patton Adams, strategic cyberthreat intelligence lead at Accenture, during a cyber threat landscape trends session at Black Hat & then we heard the breaking news about Accenture, themselves got attacked with demand of US$ 50M payout. Here we see, the consulting firm which is famous for providing consultancies to Govt Agencies & Big Clients about Cyber Security practices at very premium charges, they could not save themselves even.

Time for to re-check our own house first, before we start advising others !!

Author:  RED Team of Armantec, led by Shamsher Bahadur – Cyber Security Practice Head.

This Article has been Submitted by Armantec Systems Pvt Ltd (www.armantecsystems.com), a Noida Based Threat Intelligence & RED Teaming Consulting Firm, with the prime focus on custom Ransomware Attacks Solution for Critical Information Infrastructures (CIIs).