What Is Triple Extortion Ransomware?

BY Ray Stevens / ON Aug 10, 2021

Cybersecurity threats can take a range of guises, from viruses that exploit weaknesses in digital security systems, to trojans that exploit weaknesses in how employees evaluate security hazards.

Because of this wide range of threats, it is critical that your security programme includes social engineering testing as well as firewall tests and antivirus systems, to avoid major damage to your business.

An emerging threat in this regard is Triple Extortion Ransomware, which relies on social engineering to create significant leverage for the hackers and scammers to get what they want.

To understand how they work, it is important to understand how the motives behind viruses and ransomware have changed over the past 30 years.

What is Ransomware?

Viruses are made for many reasons, from data mining to online vandalism, to creating a cheap way to mine cryptocurrency, or even just for fun or to make a point.

Ransomware has the very specific purpose of extorting money from a target, and this was true as far back as the very first ransomware attack.

PC Cyborg Trojan, sometimes known simply as Aids Info Disk because it was originally placed on an introductory diskette on the HIV pandemic in 1989, was the very first piece of ransomware, which featured a ransom note asking for $189 ($378 for a lifetime lease).

It was a poorly made virus that could be fixed by using a decryption key found in the code itself, but it regardless led to its creator going on trial.

This is an example of single-extortion ransomware, in which the malware holds your computer hostage and threatens to delete data unless the demanded money is paid.

However, as more people used the internet and more businesses moved their systems and their sensitive data online, criminals realised they could do more with data than simply destroy it.

From Double To Triple Extortion

Initially, with most viruses being spread from external media rather than on the very limited internet of the age, there was not a whole lot that could be done with any data.

This was the mentality that was used for years in ransomware, and even the famous WannaCrypt ransomware attack was focused more on halting computers and deleting data than exploiting the information they had access to.

However, starting around 2019, ransomware attacks began to take advantage of the data they had obtained. Rather than holding it hostage for a substantial amount of money, more recent ransomware groups threaten to leak the data.

Sometimes known as ‘leakware’ or ‘doxware’, these attacks are targeted at specific businesses or individuals with information valuable enough to leak, such as healthcare information, bank details or even the operation of an oil pipeline. In some cases, it works, but in others, such as when rock group Radiohead were threatened with having hundreds of hours of music leak, they simply put the music out themselves, blunting the effect of the attack.

Triple Extortion works in this way as well but takes it a step further by contacting stakeholders, financial analysts, customers and the press to tell them that the company in question is a victim of a ransomware attack.

The aim of this is to damage the victim’s reputation and stock value, thus increasing the leverage to pay the ransom.

This makes prevention, and training staff to avoid attacks of this nature, even more critical, so that ransomware is never activated and never able to cause so much devastation and destruction.