30 July 2024
The Rise of Triple Extortion Ransomware: What is it and why is it so profitable?
It's no secret that cyber-attacks have been on the rise in recent years, with ransomware being one of the most prevalent forms of attack. Ransomware is a type of malware that encrypts a company's files or locks its computer hardware, rendering it unusable until a ransom is paid to the attacker. In the past, businesses could often restore their data from backups, making it possible to avoid paying the ransom. However, cybercriminals have evolved their tactics, resulting in the emergence of triple extortion ransomware.
According to Former UK Government Intelligence Specialist Matt Lane, triple extortion ransomware is now one of the greatest cyber threats facing organisations. It involves not only locking up files or hardware but also exfiltrating sensitive data from the hacked network. The attacker then threatens to publish or sell the stolen data if the ransom is unpaid. This creates a huge challenge for companies, as they not only have to replace their hardware and restore their data from backups but also face the potential exposure of sensitive information.
Triple extortion ransomware is now one of the greatest cyber threats facing organisations
High-profile targets and rising ransom payments
Cybercriminals have targeted numerous companies, including Royal Mail, the US Marshals Service, Capita, the City of Dallas, MOVEit, Barts Health NHS Trust, and MGM Resorts, among thousands of others.
While ransom demands are occasionally made public, settlements are rarely disclosed. However, average ransomware payments have surged in the past year to reach an average of USD2 million per payment. Cybercriminals are constantly innovating and evolving their attack methods, making it essential for companies to stay vigilant and implement robust cybersecurity measures.
Companies that handle large amounts of personally identifiable information, such as online retailers, healthcare providers, hotels, or travel companies, face serious consequences if their internal datasets are leaked. Within the UK, this can result in GDPR fines, which can go up to GBP17.5 million or 4% of the company's global annual revenue, whichever is higher. Additionally, organisations face the risk of security and privacy liability class action lawsuits, where the affected data subjects can demand a settlement.
Vulnerabilities in the Manufacturing and Technology Sectors
Manufacturing companies are also at risk, as downtime can lead to business interruption, potential contract breaches, and lost revenue. Technology companies and other organisations with sensitive intellectual property, such as source codes or research and development data, can lose their competitive advantage as these are published online and find their way into their competitors' hands to pore over.
Telecommunications service provider AT&T is one of the latest firms to be in the line of fire after it announced a massive data breach on 30 March 2024 involving the sensitive data of 73 million current and former customers. The firm is now facing multiple lawsuits after it found the data set on the dark web, which included social security numbers and passcodes.
Most recently, “triple extortion” tactics have included threats of swatting made directly to senior executives at the ransomed organisation and also to the organisations’ clients whose details were leaked in the data breach. Swatting is an act of harassment involving the false reporting of a violent emergency situation, leading to a law enforcement response, such as the police arriving at a person’s address in the belief that there has been a shooting or someone is being held hostage. In some instances, this has resulted in fatalities.
“The rise of double and triple extortion ransomware is a serious threat to companies of all industries and sizes. In cyber, attackers need only be successful once, whereas defenders need to be successful all the time. Inevitably things will slip through the cracks, whereupon cyber insurance is the ultimate safety net providing financial support and expertise to get the business back up and running.”
Archie Nelson Account Executive, Technology & Cyber Practice Gallagher Specialty
The Walbrook Building 25 Walbrook London, EC4N 8AW
Let's talk
Arthur J. Gallagher (UK) Limited is authorised and regulated by the Financial Conduct Authority. Registered Office: The Walbrook Building, 25 Walbrook, London EC4N 8AW. Registered in England and Wales. Company Number: 119013.