Topics
Latest
AI
Amazon
Image Credits:Samuil Levich / Getty Images
Apps
Biotech & Health
Climate
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
widget
bet on
Government & Policy
computer hardware
layoff
Media & Entertainment
Meta
Microsoft
concealment
Robotics
surety
societal
Space
Startups
TikTok
transferral
speculation
More from TechCrunch
event
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
Ransomware actors are increasingly rebuffing encryption-based attacks in favor of plain extortion. Here’s why it matters.
Cybercriminals are becoming more belligerent in their effort to maximize disruption and compel the payment of ransom money demand , and now there ’s a young extortion maneuver in play .
In other November , the ill-famed ALPHV ransomware gang , also know as BlackCat , attempted a first - of - its - form extortion manoeuvre : weaponizing the U.S. government ’s new data gap disclosure rulesagainst one of the gang ’s own victims . ALPHV filed a ailment with the U.S. Securities and Exchange Commission ( SEC ) , alleging that digital lending supplier MeridianLink failed to disclose what the gang called “ a important breach compromise client information and operational information , ” for whichthe gang took credit entry .
“ We need to bring to your attention a concerning issue regarding MeridianLink ’s conformity with the latterly adopted cybersecurity incident revealing rules , ” ALPHV wrote . “ It has come to our tending that MeridianLink has failed to register the requisite disclosure under Item 1.05 of Form 8 - thou within the stipulated four business Day , as mandated by the new SEC rules . ”
ALPHV ’s latest extortion effort is the first good example of what is expected to be a trend in the come monthsnow that the ruler have accept effect . While novel , this is n’t the only strong-growing manoeuvre used by ransomware and extortion gangs .
Hackers typically known for deploying ransomware have increasingly change to “ twofold extortion ” manoeuvre , whereby in addition to encrypting a victim ’s data , the gang menace to print the stolen files unless a ransom money requirement is paid . Some are going further with “ tripleextortion ” attacks , which — as the name hint — hackers utilize a three - branched approaching to extort money from their victims by extending threats and ransom money need to customers , supplier and associates of the original dupe . These tactics were used by the hackers behind thewide - reaching MOVEit mass - cab , which stands as a primal outcome in the movement toward encoding - less extortion attempts .
While ambiguous definition might not seem like the biggest cybersecurity issue facing organisation today , the distinction between ransomware and extortion is important , not least because defending against these two type of cyberattacks can vary wildly . The distinction also helps policymakers know which way ransomware is slew and whether counter - ransomware policy are work .
What’s the difference between ransomware and extortion?
The Ransomware Task Forcedescribesransomware as an “ evolving grade of cybercrime , through which criminals remotely compromise computer systems and demand a ransom in return for restoring and/or not disclose data point . ”
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
In realism , ransomware attacks can fall on a spectrum of impingement . Ransomware expert Allan Liska , menace intelligence psychoanalyst at Recorded Future , and Brett Callow , terror psychoanalyst at Emsisoft , shared in an analysis with TechCrunch that this broad definition of ransomware can utilize to both “ scammy ‘ we download the contents of your insecure Elasticsearch instance and want $ 50 ’ onrush ” to disruptive “ terror - to - spirit encryption - base attacks on hospital . ”
“ Clearly , though , they ’re very unlike animals , ” said Liska and Callow . “ One is an opportunistic porch pirate who steals your Amazon delivery , while the other is a team of fierce criminals who discover into your dwelling and terrorize your family before making off with all your possession . ”
The researchers say there are law of similarity between “ encrypt - and - extort ” attacks and “ extortion - only onslaught , ” such as their reliance on brokers that sell admission to breached networks . But there are also significant distinctions between the two , particularly on a victim ’s clients , marketer and customers , whose own sensitive data point can be caught up in extortion - only attacks .
“ We see this playact out repeatedly , where a terror player will sort out through stolen data to find the largest or most recognized organization they can find and claim to have successfully attacked that organization . This is not a newfangled tactic , ” say Liska and Callow , refer an model of how one ransomware gang declared that it had hacked a major tech giant , when in fact it had stolen information from one of its lesser - known technology vendor .
“ It is one matter to keep an attacker from cipher the files on your connection , but how do you protect your entire data provision chain ? ” said Liska and Callow . “ In fact , many organizations are n’t thinking about their data point supply range … but each point in that supply range is vulnerable to a data theft and extortion attack . ”
A better definition of ransomware is needed
While authorities have long discouraged hacked organizations from pay ransom demands , it ’s not always an easy decisionfor hack - strike businesses .
In encrypt - and - extort attack , company have the option to yield the ransom demand to get a winder that decrypts their filing cabinet . But when make up drudge employing fast-growing extortion tactics to delete their stolen files , there is no warrantee that the hackers in reality will .
This was demonstrate inthe late ransomware plan of attack against Caesars Entertainment , which paid off the hack in a bid to preclude the revealing of steal data . By its own accession , Caesars told regulator that , “ We have film stride to ensure that the stolen information is deleted by the unauthorised thespian , although we can not guarantee this outcome . ”
“ In fact , you should assume they wo n’t , ” said Liska and Callow , referring to claims that hackers blue-pencil stolen data .
“ A good definition of ransomware , which accounts for the note between the different type of attack , will enable organization to full plan for , and react , to any character of ransomware plan of attack , whether it occurs inside their own or in a third political party ’s electronic connection , ” tell Liska and Callow .
Do government sanction against ransomware radical go ?
