The new trend of cyberattacks has begun to be observed from the end of 2020 and the beginning of 2021. The rescue has cost US $ 310,000 on average to each attacked company.
The cybersecurity company Check Point has discovered a change in trend in recent ‘ransomware’ cyberattacks, which expand the technique known as double extortion and, in addition to blackmailing companies to recover their data and filter it on the Internet, they request ransoms from also to customers.
Triple extortion ransomware has started to be seen since late 2020 and early 2021, following the 2020 success of double extortion cyberattacks, with 40 percent of newly discovered ransomware families incorporating the data breach.
Triple extortion follows this trend and takes it further, including: the theft of data, the demand for a financial reward from the affected company and also adding blackmail to customers, as Check Point reported in a statement.
The first notable case of triple extortion was the blow to the Vastaamo clinic, which occurred in October 2020. This Finnish psychotherapy clinic, which had 40,000 patients, suffered a security breach throughout a year which culminated in extensive theft of data from all of his patients using ‘ransomware’.
After the offensive, a ransom was demanded from the company, but in this case, surprisingly, smaller sums were also requested from patients, who received ransom requests individually by email. In those emails, cybercriminals threatened to publish the content of the sessions with their therapists.
On a larger scale, in February 2021 the ransomware group REvil announced that it had added two stages to its dual extortion scheme: DDoS attacks and phone calls to the victim’s business partners and the media.
In these attacks, external partners and service providers are affected and harmed by data leaks caused by this new threat, even if their network resources are not the direct target.
Today, the average ransom payment by companies has risen 171% in the last year, costing each company attacked $ 310,000 on average. Data leaks have been the main consequence for more than 1,000 companies that refused to comply with ransom requests in 2020.
