Double-extortion ransomware attacks exploded in 2020, according to F-Secure’s Attack Landscape Update report.
The tactic involves threat actors stealing data from organizations in addition to encrypting files. This means that, as well as demanding a ransom to decrypt data, attackers can later threaten to leak the stolen information if an additional payment is not made.
The researchers observed that by the end of 2020, 15 different ransomware families had used this double-extortion approach, which compares to just one in 2019. Additionally, it was found that nearly 40% of ransomware families discovered last year utilized this ransomware method.
Commenting on this trend, Calvin Gan, a senior manager with F-Secure’s Tactical Defense Unit, explained: “Organizations with reliable backups and effective restoration procedures are in a strong position to recover from a ransomware attack without having to pay. However, managing a potential data leak is a dramatically different challenge, especially for organizations that possess confidential information.
“Ransomware actors, current and future, will likely feel emboldened to try new things and jump on vulnerabilities faster, which we’re already seeing with the recent MS Exchange vulnerabilities.”
The study also outlined a number of other significant cybersecurity trends that took place in 2020. There was a tripling in the use of Excel formulas to obfuscate malicious code in the second half of 2020. In regard to phishing attacks, the most popular brand spoofed in emails was Outlook, followed by Facebook Inc. and Office365, while web hosting services made up nearly three-quarters of domains used to host phishing pages.
In a retrospective analysis of notable supply chain attacks from the last 10 years, F Secure highlighted than more than half targeted either utility or application software.
Gan added: “In security, we place a lot of emphasis on organizations protecting themselves by having strong security perimeters, detection mechanisms to quickly identify breaches and response plans and capabilities to contain intrusions. However, entities across industries and borders also need to work together to tackle security challenges further up the supply chain. Advanced persistent threat groups are clearly ready and willing to compromise hundreds of organizations through this approach, and we should work together to counter them.”