Threat Spotlight: Triple Extortion Ransomware

/in


Executive Overview

Threat actors have escalated the single extortion ransomware attack model to double and even triple extortion. 

With the commodification of cybercrime, adversaries have significantly increased the sophistication levels of their operations, and therefore also the potential devastating impacts of a ransomware attack. 

Flare Director of Marketing Eric Clay and CTO & Co-Founder Mathieu Lavoie discussed the latest trends in ransomware attacks including: double/triple extortion, different types of ransomware, methods for stealing sensitive data, and more.

Check out our full webinar recording, Triple Extortion Ransomware & Dark Web File Dumps, and/or keep reading for the highlights.

Commodification of Ransomware Groups

Ransomware groups are becoming more like companies, such as with:

  • mission-oriented approaches
  • recruitment practices to seek new hires
  • specialization

The Karakurt group, after operating privately for a year, has recently published a recruitment post to attract new members. They pride themselves on their mission to hold companies accountable for existing vulnerabilities in their cybersecurity and for the negligence of their IT staff. These groups can be driven by both financial and political motives, often influenced by the shifting landscape of geopolitics.

In general, there are two distinct types of specialization within such groups. Similar to a company with various departments, a group can have internal specialization. For instance, within a ransomware group, some members might excel in negotiating the ransom, while others primarily focus on developing malware. Another form of specialization involves individual groups having their own areas of expertise, akin to specialized agencies within a larger company. One group might concentrate on distributing ransomware, collaborating with another group that specializes in extortion.

This organized and specialized collaboration among groups can lead to more intricate and scalable operations compared to individual threat actors.

Changes in Ransomware Groups

Ransomware groups are constantly changing their tactics, techniques, and procedures (TTPs) to optimize their strategy. One alarming trend that we’ve…

Source…