In 2020 ransomware victims paid over $350 million in ransom to cybercriminals—a 311% increase over the prior year—according to a 2021 report from the Ransomware Task Force. And the tactics used by the attackers are ever-evolving, designed to make their attempts more successful and profitable.
While not necessarily new, double encryption ransomware is one tactic that has seen an increase. Previous attempts usually involved cybercriminal groups combining forces for a coordinated attack on an organization. However, this time around, the strategy is different.
What Is Double Encryption Ransomware?
Double encryption is a variant of double extortion. Many double extortion attempts involve a ransom demand to unlock data, followed by a threat to release sensitive data unless an organization pays a second ransom. The key in both double encryption and double extortion is that there are two distinct ransom attempts.
Recent months have brought about an increase in double encryption ransomware attacks. These attacks have centered around two models.
- In the first, a criminal group encrypts an organization’s data and extracts a ransom only for the victim to discover that a different type of malware also encrypts their data. Sometimes, the victim is aware of both encryptions; other times, targets are notified only after paying the ransom for the first encryption.
- With the second model, criminals encrypt half of an organization’s data with one type of malware and the remaining data with another malware program. Again, sometimes victims are aware of both encryptions up front; in other cases, they only become aware after paying the first ransom.
A helpful analogy might be thieves returning to the same house because the initial robbery was fruitful, and access to the home was easy enough.
When faced with a ransomware demand, it might be tempting to pay it. Yet, there is no guarantee that the attackers will provide the encryption key—or that they are not also planning to spring another encryption on your organization.
Remember, there is no honor amongst thieves, and cybercriminals will use whatever strategy nets them the most profit. That is why law enforcement recommends that victims do not pay ransoms. Acquiescing to the demands of ransomware extortionists only feeds the fire and escalates the threat to us all.
How to Safeguard Your Organization
Cybersecurity experts recommend implementing a secure offsite backup system as the most effective way for your organization to combat ransomware—double encryption attempt or not. No matter what, a cyberattack will be a disruption to your business. Still, a robust backup system will allow your organization to get up and running without relying on cybercriminals to be trustworthy, and without risking the incomplete or corrupted data that frequently faulty decryption methods produce. A secure backup system also gives your organization the option not to comply with the ransom demands, which is, again, the recommended response according to law enforcement.
When considering a new backup system or evaluating an existing one, make sure to follow these best practices:
- Implement and regularly test your organization’s backup system. Backups are only as effective as your ability to restore from them. A reliable backup system should not be “set it and forget it.”
- Backups should be securely stored and not accessible via your organization’s network to safeguard them from cybercriminals.
- Prepare a contingency and restoration plan that can be put into action if the worst happens.
Backup and Disaster Recovery Solution
Coretelligent is a leader in backup and disaster recovery. Our CoreBDR solution provides high-performance, highly secure data protection to maintain business continuity, no matter the source of the data loss—whether natural disaster, accident, or cybercrime. CoreBDR protects all types of data, including massive, complex, and rapidly growing data sets, with unprecedented recovery times, scalability, and security.