How to Deal With Cybersecurity Extortion Breaches

The unmasking of the man behind the notorious ransomware gang, LockBit, by UK, US, and Australian security agencies might have provided a much-needed respite for many victims of ransomware attacks.

While the news will send shockwaves through the spine of other ransomware gangs hiding under different aliases and provide cyber defense agencies with a good investigative lead, it also speaks to the fact that ransomware attacks have been a persistent menace for years, refusing to fade into the background despite our best efforts.

Many reports suggest a troubling rise in attacks, to the point that certain ransomware groups are rebranding as business partners.

But how bad has it gotten — and what new strategies are at their disposal in 2024?

Techopedia looks at recent data and sits down with cybersecurity voices to discuss the issue.

Key Takeaways

  • There is a notable shift towards “double extortion” in 2024 where ransomware actors not only encrypt data but also threaten to leak or sell stolen data if ransom demands are not met.
  • Web applications have become the primary entry point for cyberattacks, as they are often created by non-security-focused engineers and must be publicly accessible.
  • Experts recommend a multi-layered approach combining endpoint security, data exfiltration controls, incident response planning, and continuous threat monitoring.
  • Self-attack simulations and adversarial exercises against an organization’s own infrastructure are advocated to find exploitable weaknesses before attackers do.
  • Vetting third-party cybersecurity practices and supply chain risk is crucial, as a growing number of breaches originate from partners and vendors.

Ransomware Still Hits Harder than Ever in 2024

According to a 2024 Thales survey of 3,000 IT and security professionals across 18 countries and 37 industries, ransomware attacks surged by 27% compared with the previous year. The survey also shows that, despite the growing threat, about half of the organizations surveyed had no comprehensive ransomware response plan among their security best practices.

Corroborating the above observations, Verizon’s 2024 Data Breach Investigations Report (DBIR) unveiled a significant uptick in attacks that capitalize on vulnerabilities to gain an initial foothold and ignite data breaches.

The report highlights a 180% increase in such attacks compared to the previous year. These breaches also include those associated with partner infrastructure and software supply chain issues, both directly and indirectly.

This escalation, according to Verizon, is largely attributed to the exploitation of MOVEit and similar zero-day vulnerabilities. The report further identifies web applications as the primary vector for these initial entry points.

In addition to these new findings, Techopedia recently reported a new pattern in ransomware espionage where ransomware gangs now team up to orchestrate cyber attacks from one front. This approach makes these gangs more difficult to pin down, further putting a strain on security forces who may need to stretch beyond their capacity to fish them out.

Ransomware Breaches Now Involve Extortion Tactics

There’s also a notable shift in the strategies of traditional ransomware actors towards double extortion techniques. Per the Verizon DBIR, extortion attacks have increased over the past year, accounting for 9% of all breaches. While ransomware alone saw a slight decrease to 23% of breaches, ransomware and extortion combined account for a significant 32%, making ransomware a major threat across 92% of industries.

Echoing these concerns, a recent Flashpoint Global Threat Intelligence Report shed light on the evolving tactics of cybercriminals, who now not only encrypt data and demand ransoms but also threaten to leak or sell stolen information if their demands are not met. This “double extortion” tactic, according to Flashpoint, puts even more pressure on victims to cough up the cash.

Speaking to Techopedia on the above, Ryan Westman, Director of Threat Intelligence at eSentire, pointed out that the focus on double extortion started when companies upped their data protection and recovery programs.

Westman explained:

“When companies had data protection and recovery programs in place, cybercriminals added data theft and leakage methods to their approach. This involves stealing data prior to encryption, then threatening the release of data online as well as the encryption side. This is an additional risk that companies have to factor into their planning around security and incident response.”

Ransomware actors are evolving their tactics, capitalizing on weak data exfiltration controls at many organizations, Elisha Riedlinger, COO at NeuShield, told Techopedia.

Riedlinger said:

“As security ramps up, it is increasingly difficult for attackers to ransom data by encrypting it. However, controls for exfiltration are still weak in many organizations. Furthermore, while many companies may not pay to recover encrypted data, they may pay to keep their data off the Internet. Plus, stealing data can be done without using any form of malware or malicious code, making it much harder to detect.”

Web Applications Are the Main Entry Points

Web applications have become the primary entry points for cyberattacks in 2024, as highlighted in the Verizon DBIR. This trend, according to Riedlinger, is not surprising given that these applications are often created by non-security-minded engineers.

He told Techopedia:

“Web applications have a tendency to be Internet-facing, complicated and created by non-security-focused engineering teams. All of which makes them a good target for attack.”

The widespread adoption of web applications is to blame for this new wave of cybersecurity risks, Adam Maruyama, Field CTO at Garrison Technology, told Techopedia.

Maruyama noted:

“Web applications are an easy target for hackers because they are, by definition, available to anyone with access to the open Internet. While this creates ease of access for employees, it also means that, for example, a vulnerable login interface would be available to anyone with an Internet connection.”

He added, “This makes attack reconnaissance much easier and lowers the barriers so ‘spray and pray’ attacks that target any vulnerable service, rather than specific companies, are rather simple to execute.”

For Matt Middleton-Leal of cybersecurity firm Qualys, poor access control for web apps and cloud resources is a major threat IT teams face, as hackers commonly target credentials to gain initial access.

“It’s common practice for hackers to look out for credentials as part of their attack paths – this could be through finding credentials buried in public software repositories, or as the second stage of getting access to a company’s cloud instances in order to get more access then move laterally to where valuable data exists.”

Middleton-Leal went on to add that web apps are vulnerable as many must be publicly accessible. “For some, they have to be on the public Internet. Utilities like file transfer applications may be used by your partners or customers to transfer files as well as your internal staff, so locking them out of sight just isn’t an option.”

The Best Path Forward for Cybersecurity

A lot can be said about best practices for securing against ransomware, but organizations must take preventative steps first, Riedlinger of NeuShield notes.

He advised:

“Organizations need to put in place endpoint security that is able to detect, record, and block malicious activity. However, they should not assume that prevention alone will solve the issue. Having the ability to secure their most critical data against exfiltration and having the ability to quickly recover all devices in the event that they are compromised is vital.”

“The first step is securing edge devices, patching quickly, and restricting access to resources to the minimum required,” said Westman of eSentire.

He also recommends planning and preparation, stating “You should also prepare your incident response strategy so that you can be proactive around how you can minimize any impact from an attack. Other crucial measures include improving your threat intelligence approach using dark web monitoring for leaked credentials or other ways to access your systems.”

Principal Security SME at Horizon3.ai, Stephen Gates, stresses the need for organizations to go on the offensive against ransomware threats.

Gates told Techopedia:

“Organizations must find their exploitable weaknesses before attackers do, and attack themselves with the same tactics.”

He cited the U.S. Department of the Navy and the Joint Force Headquarters–Department of Defense Information Network advocating that “organizations must shift from compliance-based security to operational readiness-based security. The best way to measure operational readiness is to perform manual and automated adversarial exercises against your own external, internal, and cloud infrastructures.”

Given that a growing share of security breaches originates from third parties or partners within an organization’s supply chain, Kiran Chinnagangannagari, Co-founder and Chief Product & Technology Officer at Securin, urges organizations to carry out due diligence on each partner’s cybersecurity practices.

“Considering this, organizations must prioritize vetting their partners’ cybersecurity practices. One effective approach is to request partners to complete a standardized security questionnaire based on frameworks such as the NIST Cybersecurity Framework (CSF) or ISO 27001. These frameworks delineate best practices in cybersecurity and facilitate self-assessment.”

The Bottom Line

Ransomware attacks have been around for many years, and there is nothing to suggest they’re going away. With this in mind, organizations need to prepare themselves to counter such attacks as far as they can, while having a post-incident response plan in place in case they fall victim.

Some of the cybersecurity experts we spoke to highlighted the first steps in shoring up defenses, as well as other approaches that could put companies in the best possible shape against ransomware attacks.

While the best practices offered above might not fit every organization’s cybersecurity posture and policies, organizations are advised to seek out industry-tailored strategies, as the cost of doing nothing is very high.

Franklin Okeke
Technology Journalist

Franklin Okeke is an author and tech journalist with over seven years of IT experience. Coming from a software development background, his writing spans cybersecurity, AI, cloud computing, IoT, and software development. In addition to pursuing a Master's degree in Cybersecurity & Human Factors from Bournemouth University, Franklin has two published books and four academic papers to his name. His writing has been featured in tech publications such as TechRepublic, The Register, Computing, TechInformed, Moonlock and other top technology publications. When he is not reading or writing, Franklin trains at a boxing gym and plays the piano.