Blog  •  September 08, 2023

Start the Conversation

Honeypot Field to Catch Bots
Honeypot Field to Catch Bots

Are You Ready for Multi-Extortion Ransomware?

Welcome to Cybersecurity Awareness season, where we hope to shed light on the latest cybersecurity threats and offer several resources that organizations can use to mitigate or prevent them.

Any organization that handles vast amounts of confidential data is potentially a target to bad actors looking to deploy ransomware attacks, with far-reaching consequences such as loss of clients or reputational damage. In fact, ransomware is the fastest growing type of cybercrime, with attacks expected to occur every two seconds by 2031, according to a 2023 Cybersecurity Ventures report.

If you think ransomware couldn’t get any worse, think again. Ransomware attacks continue to evolve and multiply, greatly affecting organizations’ data protection strategies. A sinister recent evolution of this threat is multi-extortion ransomware.

Ransomware, Double Extortion Ransomware, Triple Extortion Ransomware
Ransomware is a type of malicious software — or malware — that encrypts a victim's files or locks them out of their computer systems, rendering the data inaccessible and unusable. Cybercriminals demand a ransom payment in exchange for restoring access to the encrypted files.

Double extortion ransomware is a malicious cyberattack strategy that combines the tactics of traditional ransomware with an additional layer of extortion. Cybercriminals not only encrypt the victim's sensitive data, denying them access, but they also threaten to expose or publish the stolen data to the public or a competitor unless a ransom is paid. By exploiting the fear of data loss and the potential fallout from data exposure, double extortion ransomware amplifies the stakes and increases the complexity of response.

Triple extortion ransomware takes this one attack step further a widescale distributed denial of service (DDoS) attack against the victim, preventing or severely hampering access to the victim’s website, servers, or products. This makes recovery efforts more challenging and prevents clients and the public from reaching the victim’s web-based products.

“Double or triple extortion is now commonplace, as well as repeated attacks on the same targets by different ransomware operators,” according to Steve Morgan, editor-in-chief of Cybercrime Magazine.

Resources to Help Your Organization Prepare for Ransomware
Due to the escalating risks associated with ransomware, defending against these threats has become a priority for organizations, as a single attack can have cascading effects on an organization’s partners, suppliers, and customers — as well as their public reputation. Even worse, for critical organizations such as hospitals and utilities, a ransomware attack could put human lives at risk. We recently wrote about ransomware and how organizations can mitigate risks via a multi-layered approach to be proactive and vigilant. Check out 11 Actions to Mitigate Ransomware (and Other Cybersecurity Threats).

One excellent way organizations can protect themselves is by using a virtual data room (VDR), such as DFIN’s Venue. Secure and intuitive, Venue is used for transmitting sensitive data and sharing confidential documents with external parties, streamlining collaboration among authorized stakeholders, and meeting regulatory compliance. This can help organizations mitigate the security risks associated with traditional document sharing methods, like email, and establish a robust framework for safeguarding critical information.

Venue helps organizations protect personally identifiable information (PII) and confidential information by using multi-factor authentication, 256-bit encryption, virus/malware scanning, secure information rights management (IRM) — this means that Venue users can provision permissions of precisely who can see what — and dynamic watermarking. Venue has the highest levels of infrastructure security and meets stringent auditing and reporting compliance requirements including SOC2 Type II auditing and reporting and ISO/IEC 27001:2013 compliance.

Here are several additional resources for organizations:

The Cybersecurity and Infrastructure Security Agency (CISA)

United States Secret Service offers:

National Institute of Standards and Technology (NIST)

As cybercriminals continue to refine their tactics and target organizations across industries, understanding and preparing for the multifaceted risks posed by the many variations of ransomware — and other cybersecurity threats — is not just prudent, it's a critical necessity in doing business today. Establishing robust cybersecurity measures, including regular data backups, robust network defenses, employee training, and developing and practicing incident response plans, is crucial.

Prioritizing security at every product and company level is of utmost importance to DFIN. For the latest cybersecurity updates and best practices, check DFIN’s Knowledge Hub regularly.

dannie combs

Dannie Combs

Chief Information Security Officer, DFIN