Security News > 2020 > April > Double Extortion: Ransomware's New Normal Combining Encryption with Data Theft
The first published example of a double extortion attack, according to Check Point Research, came with the attack against Allied Universal in November 2019.
In a later post on a Russian underground forum, they posted a link to "10% of data we have exfiltrated." They added, "We give them 2 weeks until we send other 90% of data to wikileaks. Other 90% is a quite interesting part... Time is ticking."
"Maze," say the Check Point researchers, "Has since published the details of dozens of companies, law firms, medical service providers and insurance companies who have not given in to their demands. It is estimated that many other companies avoided publication of their sensitive data by paying the ransom demanded."
Additional attackers that have joined the trend, says Check Point, "Include Clop ransomware, Nemty, DopplelPaymer Mexican Oil Company Pemex Hit by Ransomware and more. Information published on these sites was soon found to be offered for sale by the ransomware group itself or by other criminals who collected the data from the dumpsites."
It may be that the evolution of double extortion is the natural evolution of ransomware - first from consumer attacks to targeted business attacks, and now with the added double jeopardy of data blackmail.