83% of successful ransomware attacks feature double or triple extortion tactics

New Venafi research shows that ransomware attackers are regularly exfiltrating data, circumventing ‘restore from backup’ safety measures.

Venafi has published the findings of a global survey of IT decision-makers looking into the use of double and triple extortion as part of ransomware attacks. The data reveals that 83% of successful ransomware attacks now include alternative extortion methods, such as using the stolen data to extort customers (38%), exposing data on the dark web (35%), and informing customers that their data has been stolen (32%).

Just 17% of successful attacks solely asked for a ransom in return for a decryption key, meaning that many new forms of extortion are now more common than traditional methods. Because data is now being exfiltrated, having a backup of data – while still essential for recovery from an attack – is no longer effective for containing a breach.

The data also shows that cybercriminals are following through with these extortions, often even after a ransom has been paid:

Almost a fifth (18%) of victims paid the ransom but still had their data exposed on the dark web

This is more than the 16% that refused to pay the ransom and had their data exposed

Almost one-in-ten companies (8%) refused to pay the ransom, and the attackers tried to extort their customers

Over a third (35%) of victims paid the ransom but were still unable to retrieve their data

“Ransomware attacks have become much more dangerous. They have evolved beyond basic security defenses and business continuity techniques like next-gen antivirus and backups,” said Kevin Bocek, vice president of business development and threat intelligence at Venafi. “Organizations are unprepared to defend against ransomware that exfiltrates data, so they pay the ransom, but this only motivates attackers to seek more. The bad news is that attackers are following through on extortion threats, even after the ransom has been paid! This means CISOs are under much more pressure because a successful attack is much more likely to create a full-scale service disruption that affects customers.”

When asked about the evolution of extortion in ransomware attacks, 71% of those polled believe that double and triple extortion have grown in popularity over the last 12 months, and 65% agree that these new threats make it much harder to say no to ransom demands.

This is creating problems for the industry. 72% of IT decision-makers agree that ransomware attacks are evolving faster than the security controls needed to protect against them, and 74% agree that ransomware should now be considered a matter of national security. As a result, 76% of companies are planning on spending more in 2022 on ransomware-specific controls due to the threat of double and triple extortion.

Looking beyond internal measures, two-thirds (67%) of IT decision-makers agree that public reporting of ransomware attacks will help to slow the growth of ransomware. A further 77% agree that governments should do more to help private companies defend themselves from ransomware.

“Threat actors are constantly evolving their attacks to make them more potent, and it’s time for the cybersecurity industry to respond in kind,” explained Bocek. “Ransomware often evades detection simply because it runs without a trusted machine identity. Using machine identity management to reduce the use of unsigned scripts, increase code signing and restrict the execution of malicious macros are vital to a well-rounded ransomware protection.”
