Security News > 2020 > April > ‘Double Extortion’ Ransomware Attacks Spike
Victims of ransomware attacks now face a double whammy of headaches.
The ransomware tactic, call "Double extortion," first emerged in late 2019 by Maze operators - but has been rapidly adopted over the past few months by various cybercriminals behind the Clop, DoppelPaymer and Sodinokibi ransomware families.
A November 2019 ransomware attack against Allied Universal, a large American security staffing company, set the precedent for "Double extortion." After the company was hit by a Maze ransomware attack, and refused to cough up the 300 Bitcoin ransom, the attackers threatened to use sensitive information extracted from Allied Universal's systems, as well as stolen email and domain name certificates, for a spam campaign impersonating Allied Universal.
Attackers using the Sodinokibi ransomware have created a "Happy Blog" where they have recently published details of ransomware attacks on 13 targets, as well as company information stolen from the targeted organizations.
"With their focus on coronavirus patients, addressing a double extortion ransomware attack would be very difficult. We issue caution to hospitals and large organization, surging them to back up their data and educate their staff."
News URL
https://threatpost.com/double-extortion-ransomware-attacks-spike/154818/
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)