Venafi has published the findings of a global survey of IT decision-makers looking into the use of double and triple extortion as part of ransomware attacks. The data reveals that 83 percent of successful ransomware attacks now include alternative extortion methods such as using the stolen data to extort customers (38 percent), exposing data on the dark web (35 percent), and informing customers that their data has been stolen (32 percent).
Just 17 percent of successful attacks solely asked for a ransom in return for a decryption key, meaning that many new forms of extortion are now more common than traditional methods. As data is now being exfiltrated, having a back-up of data – while still essential for recovery from an attack – is no longer effective for containing a breach says the survey report.
The data also shows that cyber criminals are following through with these extortions, often even after a ransom has been paid:
- Almost a fifth (18 percent) of victims paid the ransom but still had their data exposed on the dark web.
- This is more than the 16 percent that refused to pay the ransom and had their data exposed.
- Almost one-in-ten companies (8 percent) refused to pay the ransom, and the attackers tried to extort their customers.
- Over a third (35 percent) of victims paid the ransom but were still unable to retrieve their data.
“Ransomware attacks have become much more dangerous. They have evolved beyond basic security defenses and business continuity techniques like next-gen antivirus and backups,” said Kevin Bocek, vice president of business development and threat intelligence at Venafi. “Organizations are unprepared to defend against ransomware that exfiltrates data, so they pay the ransom, but this only motivates attackers to seek more. The bad news is that attackers are following through on extortion threats, even after the ransom has been paid! This means CISOs are under much more pressure because a successful attack is much more likely to create a full-scale service disruption that affects customers.”
When asked about the evolution of extortion in ransomware attacks, 71 percent of those polled believe that double and triple extortion has grown in popularity over the last 12 months, and 65 percent agree that these new threats make it much harder to say no to ransom demands.
This is creating problems for the industry. 72 percent of IT decision-makers agree that ransomware attacks are evolving faster than the security controls needed to protect against them, and 74 percent agree that ransomware should now be considered a matter of national security. As a result, 76 percent of companies are planning on spending more in 2022 on ransomware-specific controls due to the threat of double and triple extortion.
Wider than internal measures, two-thirds (67 percent) of IT decision-makers agree that public reporting of ransomware attacks will help to slow down its growth. A further 77 percent agree that governments should do more to help private companies to defend themselves from ransomware.
“Threat actors are constantly evolving their attacks to make them more potent, and it’s time for the cyber security industry to respond in kind,” explained Bocek. “Ransomware often evades detection simply because it runs without a trusted machine identity. Using machine identity management to reduce the use of unsigned scripts, increase code signing and restricting the execution of malicious macros are vital to a well-rounded ransomware protection.”
About the research
Conducted by Censuswide, Venafi’s survey evaluated the opinions of 600 IT decision-makers across the UK, Australia, France, Germany, Benelux, and the US.