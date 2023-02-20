As companies find solutions to attacks, cybercriminals create new techniques to overcome those barriers and become harder to detect. An example is what is happening with a new modality called triple extortion attack of ransomware.

Ransomware is translated as data hijacking, which means that criminals manage to access and take the information of a company, to then demand a ransom for it or keep it for other criminal activities.

The target for which attacks are usually initiated are end users. “They are not entering the final servers, but they are entering the user. The easiest way is to receive friendly emails or emails pretending to be an employee, a boss or some promotion,” he said. Javier Castrillon, engineer of veeam for northern Latin America.

But given the improvement of security systems, cybercriminals develop new strategies and one of them involves much stronger and more invasive management.

This is how the ransomware triple extortion attack with which criminals put pressure on users works.

The ransomware triple extortion attack

In this modality, they seek money, not only from organizations, but from any actor that may be involved. This is because companies are reaching high levels of defense and are able to recover the hijacked data without having to pay the ransom.

For example, if a company recovers the information and does not pay the requested money, the attackers expand to the point of blocking services, affecting users or associated organizations.

Normally, a ransomware has three layers of operation, first through data encryption, which is to take the information.

If this doesn’t work, it threatens to publish sensitive data. Now a third is added, which is pressure through calls, emails or with the Distributed Denial of Servicewhich is to collapse a website or a platform so that it does not operate.

A specific case was the one that occurred in a Finnish psychotherapy clinic. The criminals hacked into the clinic’s network and encrypted the data, but then reached out to patients with ransom demands threatening to release personal data about therapy sessions if the money was not paid.

How to avoid these attacks

The cybercriminals they will never stop and creating a 100% solution is almost impossible, so the best alternatives are to strengthen the culture of prevention and approach that 100% through different technologies.

Being aware that everyone is vulnerable is a great start, protecting end users by motivating them not to enter unknown pages and not give in to pressure is a way to fall for attacks.

All this backed up with strong data recovery processes and optimal response times to stop the advance of information hijacking.

One way to do this is by using technologies like immutabilitywhich allows that “the data will not be able to be modified by any entity external to the organization or a user that has been compromised,” he explains. Castrillon.

In this way, if the end user falls into the trap and the attack materializes, “the information will survive”.