Cybercriminals are evolving their tactics, and a new extortion technique has emerged that further escalates the threat landscape.
Key Takeaway
The emergence of new extortion tactics, including leveraging government regulations, together with the shift towards double and triple extortion strategies, highlights the evolving and increasingly aggressive nature of cybercrime. Defense and response mechanisms need to be reevaluated accordingly.
ALPHV’s First-of-its-Kind Extortion Tactic
In a bold move, the ALPHV ransomware gang, also known as BlackCat, utilized a new extortion tactic by leveraging the U.S. government’s data breach disclosure rules against one of their victims, digital lending provider MeridianLink. ALPHV filed a complaint with the U.S. Securities and Exchange Commission (SEC), alleging that MeridianLink failed to disclose a significant breach compromising customer data and operational information, for which the gang took credit.
Shifting Tactics: Double and Triple Extortion
Ransomware tactics have evolved to include “double extortion” and “triple extortion” approaches. In double extortion, hackers threaten to publish stolen files in addition to encrypting a victim’s data; in triple extortion, threats and ransom demands are extended to customers, suppliers, and associates of the original victim. These tactics were employed by the hackers behind the MOVEit mass-hacks, signifying a concerning trend towards encryption-less extortion, in which data theft alone is used as leverage.
Distinguishing Ransomware and Extortion
It is crucial to differentiate between ransomware and extortion, as defending against these cyberattacks requires distinct strategies. The Ransomware Task Force defines ransomware as a form of cybercrime where criminals compromise computer systems and demand a ransom in return for restoring and/or not exposing data.
The Need for a Better Definition of Ransomware
There is a growing need for a clearer definition of ransomware, one that accounts for the various types of attacks. This would enable organizations to better prepare for and respond to any form of ransomware attack, whether it originates within their own network or a third party’s.