{"id":21711,"date":"2024-09-27T16:56:49","date_gmt":"2024-09-27T15:56:49","guid":{"rendered":"https:\/\/interface.media\/?p=21711"},"modified":"2024-09-27T16:56:55","modified_gmt":"2024-09-27T15:56:55","slug":"new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive","status":"publish","type":"post","link":"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/","title":{"rendered":"New levels, new devils: the multifaceted extortion tactics keeping ransomware alive"},"content":{"rendered":"\n

Having evolved from a basic premise of locking down a victim’s data with encryption, then demanding a ransom for its release, research now suggests that ransomware will cost around $265 billion (USD) annually by 2031, with a new attack (on a consumer or business) every two seconds<\/a>.<\/p>\n\n\n\n

Against such a pervasive threat, businesses have sought to better prepare themselves against attacks<\/a>.\u00a0 They have developed an array of tools, including better backup management, incident recovery procedures, business continuity and recovery plans. Together, they have all made the encryption of victims\u2019 data less profitable.<\/p>\n\n\n\n

In addition, security researchers together with national bodies such as the Cybersecurity and Infrastructure Security Agency (CISA) have made substantial progress in identifying the weaknesses in the methods used by attackers, in order to develop decryption solutions. No More Ransomware<\/a>, promoted by Europol, the Dutch police, and other stakeholders lists approximately one hundred such tools.<\/p>\n\n\n\n

In response to these developments, attacker groups are reconsidering their strategy. Rather than risk detection by encrypting valuable data, they now prefer to extract as much information as possible. Then, they threaten to divulge it. Ransomware has become extortion.<\/p>\n\n\n\n

Re-energising the threat of publication<\/h3>\n\n\n\n

The potential public disclosure of sensitive information is the core of leveraging fear to pressure victims into paying a ransom. The reputational damage<\/a> and financial repercussions of a data breach can be devastating.\u00a0<\/p>\n\n\n\n

Ransomware gangs have recognised the potential for damage to a brand or group\u2019s reputation simply by being mentioned on the ransomware operators\u2019 sites. A study found that the stock market value of the companies named in a data leak falls by an average of 3.5% within the first 100 days following the incident and struggles to recover thereafter. On average, the companies surveyed can lose 8.6% over one year.<\/p>\n\n\n\n

This threat of loss based on association, now quantified and in the hands of cybercriminals has become an effective tool.<\/p>\n\n\n\n

Operational disruption and revenue loss<\/h3>\n\n\n\n

Modern businesses rely heavily on digital systems for daily operations. A ransomware attack can grind operations to a halt, disrupting critical functions like sales, customer service, and production.<\/p>\n\n\n\n

 This disruption translates to lost revenue, employee downtime, and potential customer dissatisfaction. The longer the disruption lasts, the greater the financial impact becomes. Attackers exploit this vulnerability, pressuring victims to pay the ransom quickly to minimize their losses. And they do this most effectively by recognising key operational data. <\/p>\n\n\n\n

This then evolves as a ransomware attack on one company can ripple through its entire supply chain. Suppliers and distributors may be unable to access essential data or fulfil orders. This leads to delays and disruptions across the supply chain.\u00a0<\/p>\n\n\n\n

Knowledgeable attackers now target a single company as a gateway to extort multiple entities within the supply chain, maximising their leverage and potential payout.<\/p>\n\n\n\n

Brand Damage at the regulatory level<\/h3>\n\n\n\n

Brazen ransomware groups have already realised the value in making direct contact with<\/p>\n\n\n\n

end-users or companies that are the customers of their targets as it enables the operators to increase pressure.<\/p>\n\n\n\n

However, one new avenue of this direct attack on brand reputation is for the gangs to connect with the authorities.  In November 2023, the ALPHV\/BlackCat ransomware gang filed a complaint with the United States Securities and Exchange Commission (SEC) regarding their victim, MeridianLink.<\/p>\n\n\n\n

In mid-2023, the SEC adopted new requirements for notifying data leaks effective from September 2023. One of these rules requires notification within four business days of any data leak from the moment it is confirmed. Not only did ALPHV\/BlackCat take control of the trajectory of the extortion, but they also even circulated the complaint form among specialist forums as part of a promotional campaign.<\/p>\n\n\n\n

Targeting the most vulnerable <\/h3>\n\n\n\n

Ransomware gangs are not above using sophisticated, customised extortion strategies on the most vulnerable sectors. Healthcare has long been a key target \u2013 there is a step change in urgency when critical medical procedures may be delayed if ransom is not paid. <\/p>\n\n\n\n

Just a few months after the international Cronos Operation, the Lockbit group claimed a new victim in the healthcare sector. The Simone-Veil hospital in Cannes suffered a data compromise, adding to the extensive list of attacks conducted in recent months by other ransomware players against the university hospitals of Rennes, Brest and Lille.<\/p>\n\n\n\n

Once the data had been extracted from the hospital on April 17, 2024, an announcement concerning their compromise was made on Lockbit\u2019s showcase site on April 29, 2024. According to the cybercriminals\u2019 terms, the hospital had until midnight on May 1, 2024, to pay the ransom.<\/p>\n\n\n\n

The lesson here is that attackers exploit the vulnerabilities and pain points specific to each industry, making their extortion tactics more potent. And they do so with no consideration for the victims.<\/p>\n\n\n\n

Ransomware attacks are now more than just data encryption schemes. They are sophisticated operations that exploit a range of vulnerabilities to extract maximum leverage from victims. By understanding the multifaceted nature of ransomware extortion, businesses and individuals can develop a more robust defence against this growing threat.<\/p>\n","protected":false},"excerpt":{"rendered":"

Jacques de la Riviere, CEO at Gatewatcher, takes a look at the intersection of new technologies and tactics transforming the shadowy world of ransomware. <\/p>\n","protected":false},"author":480,"featured_media":21712,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"apple_news_api_created_at":"2024-09-27T15:56:53Z","apple_news_api_id":"827a61b0-4303-46da-a177-d072da6252b4","apple_news_api_modified_at":"2024-09-27T15:56:53Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AgnphsEMDRtqhd9By2mJStA","apple_news_cover_media_provider":"image","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_cover_video_id":0,"apple_news_cover_video_url":"","apple_news_cover_embedwebvideo_url":"","apple_news_is_hidden":"","apple_news_is_paid":"","apple_news_is_preview":"","apple_news_is_sponsored":"","apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":[],"apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[3],"tags":[],"topic":[613],"class_list":["post-21711","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-interface","topic-cybersecurity"],"acf":[],"apple_news_notices":[],"yoast_head":"\nNew levels, new devils: the multifaceted extortion tactics keeping ransomware alive - Interface<\/title>\n<meta name=\"description\" content=\"Jacques de la Riviere, CEO at Gatewatcher, takes a look at the intersection of new technologies and tactics transforming ransomware.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New levels, new devils: the multifaceted extortion tactics keeping ransomware alive\" \/>\n<meta property=\"og:description\" content=\"Jacques de la Riviere, CEO at Gatewatcher, takes a look at the intersection of new technologies and tactics transforming ransomware.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/\" \/>\n<meta property=\"og:site_name\" content=\"Interface\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-27T15:56:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-27T15:56:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/09\/iStock-1490466987.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1254\" \/>\n\t<meta property=\"og:image:height\" content=\"836\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dan Brightmore\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dan Brightmore\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/\",\"url\":\"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/\",\"name\":\"New levels, new devils: the multifaceted extortion tactics keeping ransomware alive - Interface\",\"isPartOf\":{\"@id\":\"https:\/\/interface.media\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/09\/iStock-1490466987.jpg\",\"datePublished\":\"2024-09-27T15:56:49+00:00\",\"dateModified\":\"2024-09-27T15:56:55+00:00\",\"author\":{\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748\"},\"description\":\"Jacques de la Riviere, CEO at Gatewatcher, takes a look at the intersection of new technologies and tactics transforming ransomware.\",\"breadcrumb\":{\"@id\":\"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/#primaryimage\",\"url\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/09\/iStock-1490466987.jpg\",\"contentUrl\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/09\/iStock-1490466987.jpg\",\"width\":1254,\"height\":836,\"caption\":\"Hacker using old computer set looking for targets\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/interface.media\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New levels, new devils: the multifaceted extortion tactics keeping ransomware alive\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/interface.media\/#website\",\"url\":\"https:\/\/interface.media\/\",\"name\":\"Interface\",\"description\":\"Delivering World Class Content \u201cFrom Executive, For Executive\u201c\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/interface.media\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748\",\"name\":\"Dan Brightmore\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g\",\"caption\":\"Dan Brightmore\"},\"url\":\"https:\/\/interface.media\/blog\/author\/dbrightmore\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"New levels, new devils: the multifaceted extortion tactics keeping ransomware alive - Interface","description":"Jacques de la Riviere, CEO at Gatewatcher, takes a look at the intersection of new technologies and tactics transforming ransomware.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_GB","og_type":"article","og_title":"New levels, new devils: the multifaceted extortion tactics keeping ransomware alive","og_description":"Jacques de la Riviere, CEO at Gatewatcher, takes a look at the intersection of new technologies and tactics transforming ransomware.","og_url":"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/","og_site_name":"Interface","article_published_time":"2024-09-27T15:56:49+00:00","article_modified_time":"2024-09-27T15:56:55+00:00","og_image":[{"width":1254,"height":836,"url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/09\/iStock-1490466987.jpg","type":"image\/jpeg"}],"author":"Dan Brightmore","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Dan Brightmore","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/","url":"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/","name":"New levels, new devils: the multifaceted extortion tactics keeping ransomware alive - Interface","isPartOf":{"@id":"https:\/\/interface.media\/#website"},"primaryImageOfPage":{"@id":"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/#primaryimage"},"image":{"@id":"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/#primaryimage"},"thumbnailUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/09\/iStock-1490466987.jpg","datePublished":"2024-09-27T15:56:49+00:00","dateModified":"2024-09-27T15:56:55+00:00","author":{"@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748"},"description":"Jacques de la Riviere, CEO at Gatewatcher, takes a look at the intersection of new technologies and tactics transforming ransomware.","breadcrumb":{"@id":"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/#primaryimage","url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/09\/iStock-1490466987.jpg","contentUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/09\/iStock-1490466987.jpg","width":1254,"height":836,"caption":"Hacker using old computer set looking for targets"},{"@type":"BreadcrumbList","@id":"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/interface.media\/"},{"@type":"ListItem","position":2,"name":"New levels, new devils: the multifaceted extortion tactics keeping ransomware alive"}]},{"@type":"WebSite","@id":"https:\/\/interface.media\/#website","url":"https:\/\/interface.media\/","name":"Interface","description":"Delivering World Class Content \u201cFrom Executive, For Executive\u201c","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/interface.media\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748","name":"Dan Brightmore","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","caption":"Dan Brightmore"},"url":"https:\/\/interface.media\/blog\/author\/dbrightmore\/"}]}},"_links":{"self":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/21711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/users\/480"}],"replies":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/comments?post=21711"}],"version-history":[{"count":1,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/21711\/revisions"}],"predecessor-version":[{"id":21713,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/21711\/revisions\/21713"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media\/21712"}],"wp:attachment":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media?parent=21711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/categories?post=21711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/tags?post=21711"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/topic?post=21711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}