The Rise of Ransomware – Double and Triple Extortion – 2023 Threat Prediction

Double extortion ransomware is an attack where nefarious cyber attackers not only encrypt an organisation’s sensitive data, but also exfiltrate it with the additional threat that the data will be leaked to competitors, clients, or the public.  

This strategy generally creates additional leverage that the cyber attackers use, when pushing the victim for a ransom to be paid.   

It also adds another challenge for cyber defenders to consider because even if an organisation can restore its network via its backups, the problem of data being made public is no trivial matter. We should therefore be focusing not only on preventing ransomware outbreaks but also on detecting and preventing data exfiltration.  

2023 And Beyond 

According to security vendor Proofpoint, there was only one recorded case of double extortion in 2019. By early 2021, 77% of ransomware attacks involved threats to leak data. This year, we are seeing reports of triple extortion, where cyber attackers are also requesting payments from individuals within the data sets of the companies they compromised.  

Ransomware attacks are becoming more aggressive and are more damaging to unprepared organisations.  

Our View 

Fraudsters have evolved their attack methods and business models with the maturity of the cybercrime industry itself. According to Forbes, by 2023, the damages due to ransomware attacks are expected to increase to $30 billion globally. Preparing for an attack is the first step to tackling this threat. Ensuring that cyber security maturity is at the level required to act as the first line of defence is the key.  

“The ransomware ecosystem will continue to grow, and we expect to see more mature and sophisticated code year after year. Criminal gangs will continue to use phishing attacks as their main weapon against business and personal emails. The delivery model for malicious code would also focus on other collaboration channels widely used within any organisation like Slack, Teams, and One Drive…”

– Arjun Pednekar, CREST Fellowship and CTO of Cognisys.  

Mitigation Advice 

1. Increase security awareness by educating employees about the dangers of phishing attacks via focused security awareness training. Encourage staff to be vigilant. Measure its effectiveness and your readiness via simulated-phishing attacks. 
2. Keep systems up to date, patched and follow your vendor’s advice and security update feeds.  
3. Deploy endpoint detection and response software and fine-tune it to reduce noise not related to a genuine attack. 
4. Keep your backups ready, which should be encrypted and stored in a secure location, with restricted access.  

For more information on how to mitigate this threat, get in touch with us at info@cognisys.co.uk.