Ransomware's Perfect Storm: Inside the Rise of Double Extortion

How COVID-19 Created a Gold Mine for Cyber Criminals

2020 was a hacker’s dream. Overnight, millions of Americans traded in business casual for sweatpants, and peace of mind for fear and uncertainty. The result? A 715% increase in ransomware attacks compared to 2019 (per Bitdefender).

In this article, we will discuss the rise of double extortion attacks, why COVID-19 created a perfect landscape for cybercrime, and finally, how companies can best protect themselves moving forward.

Pre-Pandemic: The Rise of Double Extortion

The first documented ransomware virus, known as the AIDS Trojan or PC Cyborg, was created in 1989 by evolutionary biologist Dr. Joseph L. Popp. Leading up to the World Health Organization’s International AIDS Conference in Stockholm, Sweden, Popp gained access to an event mailing list and distributed more than 20,000 infected floppy disks to potential attendees.

The disks, labeled “AIDS Information – Introductory Diskettes,” contained malicious code that locked files and demanded victims send $189 to a PO Box in Panama if they wanted to unlock their data. Experts quickly created decryption tools to beat Popp’s virus, but the damage was done; in 1989, digital extortion was born.

Ransomware attackers became more and more sophisticated over the next 30 years, but their end goal remained the same: encrypt files and demand a ransom to unlock them. Companies grew more aware of their extortion exposure and created digital and physical backups of critical data to weaken the hacker’s negotiating power. Then everything changed in 2019 with the introduction of Maze Ransomware and “double extortion.”

Maze, the first ransomware strain known to exfiltrate private data before encryption, was discovered in May of 2019 by Malwarebytes Director of Threat Intelligence Jérôme Segura.

Before encrypting the victim’s files, this strain copied and exfiltrated as many files as possible, giving hackers an unprecedented leg up in negotiations. You don’t want to pay our ransom demand? Fine, we’ll expose all your clients’ personal information on the dark web.

These attacks, which picked up steam exponentially during the second half of 2019, introduced a massive new layer of costs to ransomware victims in the form of increased reputational harm and wide-scale privacy violation fines and penalties.