Cybercriminals who specialise in ransomware have already been using double extortion tactics in which they not only decrypt stolen data but also threaten to leak it publicly unless the ransom is paid. Some attackers have progressed to a triple extortion tactic with the intent of squeezing out even more money from their malicious activities.

The number of organizations affected by ransomware so far this year has more than doubled, compared with the same period in 2020. Since April, average of 1,000 organizations impacted by ransomware every week.In 2020 ransomware cost businesses worldwide around $20 billion, more than 75% higher than the amount in 2019.

The healthcare sector has been seeing the highest volume of ransomware with around 109 attacks per organization each week. Amid news of a ransomware attack against gas pipeline company Colonial Pipeline, the utilities sector has experienced 59 attacks per organization per week. Organizations in the insurance and legal sector have been affected by 34 such attacks each week.

Triple extortion

The double extortion tactic has proven extremely popular and profitable among ransomware gangs. In which data got published on failure to pay the ransom

But, a tactic that started toward the end of 2020 and has continued into 2021, is triple extortion, the criminals send ransom demands not only to the attacked organization but to any customers, users or other third parties that would be hurt by the leaked data.

In one incident, 40,000-patient Finnish psychotherapy clinic Vastaamo was hit by a breach that led to the theft of patient data and a ransomware attack. As expected, the attackers demanded a healthy sum of ransom from the clinic. They also emailed the patients directly, demanding smaller sums of money or else they would leak their therapist session notes. Due to the breach and the financial damage, Vastaamo was forced to declare bankruptcy and ultimately shut down its business.

In another, REvil ransomware group announced that it was adding more tactics to its double extortion ploy, namely DDoS attacks and phone calls to the victim’s business partners and the media. Freely offered to affiliates as part of the group’s ransomware-as-a-service business, the DDoS attacks and voice-scrambled VoIP calls are designed to apply greater pressure on the company to cough up the ransom.

Third-party victims, such as company clients, external colleagues and service providers, are heavily influenced and damaged by data breaches caused by these ransomware attacks, even if their network resources are not targeted directly.