Newsletter 10/27/2021

New and Improved Double Extortion Ransomware now available from crooks near you.
Or online from St. Petersburg!
Act Now! Hackers are standing by.

My first exposure to the idea of "double extortion" ransomware was in October 2020, when a psychiatric institution in Finland was hacked.  Since then, double extortion ransomware has become more common.  Double extortion ransomware crooks go directly to the individuals whose personal data has been stolen and threaten to release that personal information if the victim doesn't pay the ransom.  Now, if it is your shrink who has been hit, imagine what could be published about you.  I mean, what kind of things do you tell your psychiatrist?  Things you will not tell your priest.  Well, you can use your imagination here.

In fact, the first reported instance of a double extortion ransomware attack occurred in December 2019, when the city of Pensacola, FL was shut down by a Maze ransomware attack.  Security investigators and law enforcement concluded that the attack appeared to use the same software as an attack against Allied Universal, a California-based security company that has over 200,000 employees.  When Allied Universal "apparently missed the deadline for payment of the ransom on the files, the ransomware operators published 700 megabytes of files from Allied and demanded 300 Bitcoins (approximately $2.3 million) to decrypt the network."

It is now estimated that "70% of ransomware attacks involved the threat to leak exfiltrated data."  This represents an increase of 40% in just one quarter of 2020, Q3 to Q4.  One reason for the growth in extortionware is that fewer businesses are paying the first ransom.  For a very detailed report on all particulars of ransomware, read the report from the security company Coveware, referenced above.

Another very troubling new, and I should say recurring, trend is ransomware wiping drives of all data, with no ability to retrieve the lost data whether a ransom is paid or not.  The Conti ransomware gang is most famously associated with data destruction.

"Palo Alto Networks has described the gang as a standout, and not in a good way: 'It's one of the most ruthless of the dozens of ransomware gangs that we follow,' the firm said. As of June, Conti had spent more than a year attacking organizations where IT outages can threaten lives: hospitals, emergency number dispatch carriers, emergency medical services and law-enforcement agencies."

Large enterprises are at extreme risk from this type of attack.  Take, for example, a large national health insurance company.  An enterprise of such enormity might well have petabytes of data.  Petabyte may be a new term to many.  A petabyte (PB) is 1,024 terabytes (TB).  The downtime required to back up and restore this quantity of data is one reason large firms will pay the ransom.

Fortunately for most of us, we only need to back up a few terabytes or a few hundred gigabytes, most likely less.  Individual users and their small networks can mitigate the worst outcomes of ransomware by careful, consistent, and conscientious LOCAL BACKUP TO AN EXTERNAL DRIVE.  By relying on cloud backup alone, users risk having their online backups encrypted along with their hard drives.  Online backups are seen as drives that are continually mounted and thus active.  An external drive only needs to be connected to the computer, and thus mounted and active, when backing up or restoring.  The best tool for making local backups WAS Microsoft's SyncToy, which has been discontinued by MS and removed from their website.  I have archived the SyncToy installation app and its supporting files.
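As an added illustration of the attended, mount-only-when-needed local backup this paragraph recommends (example code written for this newsletter, not SyncToy's own code): a minimal SyncToy-style "Echo" mirror in Python that refuses to write unless the destination is an attached, mounted volume, and aborts if most of the files already on the drive have changed at once, since a plain mirror would otherwise copy freshly encrypted files over the last good copies. The `snapshot`/`plan`/`echo_sync` names and the `max_change_ratio` threshold are my own assumptions, not part of any real tool.

```python
import hashlib
import os
import shutil
from pathlib import Path


def snapshot(root: Path) -> dict[str, str]:
    """Map each file under root (relative POSIX path) to the SHA-256 of its content."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file()
    }


def plan(src: dict[str, str], dst: dict[str, str]) -> tuple[list[str], list[str]]:
    """Work out what an 'Echo' sync does: copy new/changed files, delete orphans on the right."""
    to_copy = sorted(rel for rel, digest in src.items() if dst.get(rel) != digest)
    to_delete = sorted(rel for rel in dst if rel not in src)
    return to_copy, to_delete


def echo_sync(src_root: Path, dst_root: Path, *, max_change_ratio: float = 0.5,
              require_mount: bool = True) -> tuple[list[str], list[str]]:
    """Mirror src_root onto dst_root with two safety checks before anything is written:
    1. dst_root must be a real mount point (the external drive is attached), so a
       detached drive never silently turns into a second copy on the internal disk;
    2. if more than max_change_ratio (assumed threshold) of the files already on the
       drive have changed since the last run, abort: mass modification is exactly
       what a mirror would faithfully copy over the last good backup."""
    if require_mount and not os.path.ismount(dst_root):
        raise RuntimeError(f"{dst_root} is not a mounted volume; attach the drive first")
    src, dst = snapshot(src_root), snapshot(dst_root)
    to_copy, to_delete = plan(src, dst)
    if dst:
        changed = sum(1 for rel in dst if rel in src and src[rel] != dst[rel]) + len(to_delete)
        if changed / len(dst) > max_change_ratio:
            raise RuntimeError(f"{changed}/{len(dst)} backed-up files changed; refusing to overwrite")
    for rel in to_copy:
        target = dst_root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src_root / rel, target)
    for rel in to_delete:
        (dst_root / rel).unlink()
    # Verify the drive really holds what the source holds before it is unplugged again.
    if snapshot(src_root) != snapshot(dst_root):
        raise RuntimeError("verification failed: destination does not match source")
    return to_copy, to_delete
```

Run it only while the drive is plugged in, then unmount and disconnect the drive; a refused run is the signal to inspect the source before touching the backup.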

Gerald Reiff
