Quadruple Extortion  Ransomware

Uploaded on 2023-09-26 in TECHNOLOGY--Hackers, FREE TO VIEW

Quadruple extortion is based on a period of aggressive harassment of company-related actors, after the company has previously been subjected to a damaging attack. This is yet another technique with which cyber criminals seek to make as much profit as possible. 

In recent times, ransomware has become the predominant attack. Now, leading Spanish cyber security firm Entelgy Innotec Security analysed more than 7,000 cases of malware, including ransomware, Trojans, spyware across Spain over the course of 2022.

Their conclusion is that ransomware, phishing and DDoS attacks are the main cyber threats and that these exploits have become more effective, as a result of the specialization, sophistication and demand for cybercrime for hire, as a service. 

In addition, it is estimated that more than half of the companies that are attacked by ransomware agree to extortion. 

But how far can ransomware extortion go? The answer lies in quadruple extortion, which is already a reality.  
"Quadruple extortion is a technique used in ransomware cyberattacks whose objective is to maximise the monetisation capacity expected by the threat actor responsible for the campaign," explains Raquel Puebla, cyber intelligence analyst at Entelgy Innotec Security. 

With this new level of extortion, the aim is to ensure that the affected entity pays the ransom demanded by the attackers for the cyber attack, which is the ultimate goal of today's ransomware actors.

Therefore, "it is not understood as a cyber attack in itself, but as an additional layer to ransomware cyber attacks," Puebla sys. It is called quadruple extortion or fourth extortion stage because it usually takes place after three other stages that usually accompany these cyber attacks.

The Four Phases Of The Extortion Cycle

1.   Data encryption phase:   In most cases this involves a risk to the availability of the affected organisation's systems. In this case, the extortion consists of forcing the organisations to demand payment of the ransom so that they can regain access to the encrypted information. 

2.   Information leakage threat phase:   In this phase the attackers raise the level of extortion by threatening to publicly leak the information previously obtained during the compromise and encryption process, which in many cases results in the exposure of sensitive data or information that can entail all kinds of sanctions for the affected entity. This is known as Double Extortion. 

3.   Denial of Service (DDoS) campaign phase:   Which prevents users from accessing the affected organisation's resources, substantially increasing its losses by causing service unavailability. This model has come to be known as triple extortion and its use is very common in online commerce organizations. It prevents the achievement of sales. 

4.   Aggressive harassment phase:   Cyber criminals contact customers, employees and business partners of the affected organisation, as well as the media, to inform them that sensitive or confidential information associated with them has been compromised, for which they will first try to obtain data associated with users linked to the company from among the stolen information. 

"With this model, called quadruple extortion, the attackers intend that agents related to the organisation are the ones who promote that the entity agrees to pay extortion to remove the data breach that affects them," explains Puebla. 

The layers of extortion described work together to increase the losses of the organisation affected by the cyber attack, pressuring and wearing it down until it considers that the payment demanded by the cybercriminals is less costly than remedying the impact through the corresponding legal incident response channel. This is why cybercriminals are constantly trying to devise new extortion models to persuade their victims to make the demanded payment.

Early Detection 

There are several ways to prevent this type of cyber-attack and avoid irreversible damage. 

  • The detection of anomalous requests or connections from unknown or non-geolocated IP addresses in the employee's country or region of work are indications of suspicious activity, so it is highly recommended that all organisations establish monitoring activities on access to accounts, email addresses and corporate profiles.  
  • In addition, grammatical and spelling errors in e-mail messages that arrive in the user's mailbox, their origin from an unknown sender, and the inclusion of links to external websites or attachments can also be warning signs.
  • In the case of attachments, it may be advisable to scan them in anti-malware software before opening them, for example, and, if in doubt, it is always advisable not to open them. 
  • Other more obvious signs that could be observed at a later stage of the cyberattack could include unexpected changes in permissions, the appearance of blockages when accessing certain resources and even the appearance of a ransom note.

You Might Also Read: 

A New Approach To Cyber Security Helps Resist Extortion:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Severe Risks From Remote Access Exposure
US National Cyber Security Strategy Moves On »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

GovCERT.HK

GovCERT.HK

GovCERT.HK is the Government Computer Emergency Response Team for Hong Kong.

Trust in Digital Life (TDL)

Trust in Digital Life (TDL)

TDL is a membership association comprising companies, SMEs, universities and research institutes who exchange experience and insights to make digital services in Europe trustworthy and safe.

Calero Software

Calero Software

Calero is a leading global provider of Communications and Cloud Lifecycle Management (CLM) solutions designed to simplify the management of voice, mobile and other unified communications services.

Sanderson Recruitment

Sanderson Recruitment

Sanderson is a recruitment company providing expert recruitment services in areas including Cyber & Information Security.

Global Incubator Network Austria (GIN Austria)

Global Incubator Network Austria (GIN Austria)

GIN Austria is the connecting link between Austrian and international startups, investors, incubators and accelerators with a focus on selected hotspots in Asia.

Real Protect

Real Protect

Real Protect is a Brazilian provider of managed security (MSS) and cyber defense services.

CYMOTIVE Technologies

CYMOTIVE Technologies

Combining Israeli cyber innovation with a century of German automotive engineering. CYMOTIVE operates under the assumption that connectivity is a game changer for the automotive industry.

Path Forward IT

Path Forward IT

Path Forward IT has been troubleshooting, architecting, migrating, protecting, and securing IT environments for businesses across the USA since 2002.

FastNetMon

FastNetMon

FastNetMon is a very high performance DDoS detection and mitigation tool which could detect malicious traffic in your network and immediately block it.

Paragon Cyber Solutions

Paragon Cyber Solutions

Paragon Cyber Solutions provides specialized security risk management and IT solutions to protect the integrity of your business operations.

Entro Security

Entro Security

Entro is the first holistic secrets security platform that detects, safeguards, and enriches with context your secrets across code, vaults, chats, and platforms.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).

LetsData

LetsData

LetsData uses AI to provide governments, intergovernmental organizations, civil society, and businesses with data-empowered decisions on communication in the age of online disinformation.

RKON

RKON

RKON Technologies provides managed IT and cybersecurity services to organizations across various industries, helping businesses mitigate risks and secure their digital infrastructures.

SignPath

SignPath

SignPath provides leading-edge software and SaaS services that ensure code integrity from development to distribution.