Quote:Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now experts are warning against a new threat — triple extortion — which means that attackers are expanding out to demand payments from customers, partners and other third parties related to the initial breach to grab even more cash for their crimes.
Check Point’s latest ransomware report found that over the past year, ransomware payments have spiked by 171 percent, averaging about $310,000 — and that globally, the number of attacks has surged by 102 percent.
“As the numbers reflect a golden attack technique, which combines both a data breach and a ransomware threat, it is clear that attackers are still seeking methods to improve their ransom payment statistics, and their threat efficiency,” Check Point said.
Researchers said the first case of triple extortion they observed in the wild was in October, when a Finnish psychotherapy clinic was breached. Even after the clinic paid the ransom, the attackers threatened patients of the clinic with releasing their therapy session notes unless they too paid up.
Meanwhile in February, the REvil ransomware gang started adding distributed-denial-of-service (DDoS) attacks and threatening phone calls aimed at their victims’ business associates — and even calls to journalists to ratchet up the pressure to pay.
“Third-party victims, such as company clients, external colleagues and service providers, are heavily influenced and damaged by data breaches caused by these ransomware attacks, even if their network resources are not targeted directly,” Check Point said. “Whether further ransom is demanded from them or not, they are powerless in the face of such a threat, and have a lot to lose should the incident take a wrong turn. Such victims are a natural target for extortion and might be on the ransomware groups’ radar from now on.”
Double-extortion is a common pressure tactic used by ransomware groups where they encrypt a victim’s data but add even more pressure to pay up with threats to publish sensitive data and make it available to the public.
Read more: Ransomware’s New Swindle: Triple Extortion | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
