Security Series: ‘Double or nothing’. The new threat of ransomware double encryption
In a world still facing uncertainty, the only certainty is that ransomware attacks will continue to grow and evolve. The reason is simple: ransomware is a very successful business model for attackers.
Attackers are constantly finding new ways to evolve their methods, one of which you can think of as an upgrade to an already troubling threat — double encryption ransomware.
Double encryption, double the trouble
Ransomware groups have become increasingly aggressive in extorting their targets. If a target pays the ransom demand and goes back to business as usual, the attackers can decide to return, encrypt a second time and threaten to leak or destroy stolen data if they aren’t paid again. This, at its heart, is the threat of double encryption. If you’ve paid the ransom once, what’s to say that attackers won’t encrypt again and expect you to pay a second time?
Double encryption is a huge asset for a business that harnesses it for security purposes. But it can become a real problem in the wrong hands. When data is double encrypted, it requires more than one decryption key to be unlocked. This means attackers are now able to collaborate with other attackers to hold multiple decryption keys, making it extra difficult and extra expensive for their targets.
The target of this particular attack may not even be aware that they’ve fallen into a double encryption trap, and may agree to pay the first ransom demand to get their data back, only to realise that the key they receive only unlocks the first layer of encryption. This triggers the second ransom demand, which forces the target to either pay exorbitant amounts of money or risk losing their data and the money they have already paid.
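The layering described above also gives defenders a simple recovery check. The following is an added example, not part of the original article: it assumes SHA-256 hashes of known-good files were recorded before the incident (for instance at backup time), and uses a toy keystream cipher, constructed file contents and constructed keys as stand-ins.

```python
import hashlib

def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher (SHAKE-256 keystream XOR), a stand-in for a real cipher.
    XOR is its own inverse, so the same call adds or removes one layer."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def build_manifest(files: dict) -> dict:
    """Record the SHA-256 of every known-good file (assumed done at backup time)."""
    return {name: hashlib.sha256(body).hexdigest() for name, body in files.items()}

def unrecovered(files: dict, manifest: dict) -> list:
    """Names whose current content does not match the recorded hash.
    A missing file counts as unrecovered."""
    bad = []
    for name, digest in manifest.items():
        body = files.get(name)
        if body is None or hashlib.sha256(body).hexdigest() != digest:
            bad.append(name)
    return sorted(bad)

# Constructed sample data and keys, for illustration only.
ORIGINAL = {
    "ledger.csv": b"id,amount\n1,100\n2,250\n",
    "notes.txt": b"quarterly review notes\n",
}
KEY_A, KEY_B = b"constructed-key-A", b"constructed-key-B"

def simulate() -> dict:
    """Check the manifest at each stage of removing two encryption layers."""
    manifest = build_manifest(ORIGINAL)
    # Two layers: inner layer under KEY_A, outer layer under KEY_B.
    locked = {n: keystream_xor(keystream_xor(b, KEY_A), KEY_B)
              for n, b in ORIGINAL.items()}
    # Only the outer key is available: the data is still ciphertext.
    one_key = {n: keystream_xor(b, KEY_B) for n, b in locked.items()}
    # Both keys applied: content matches the pre-incident hashes again.
    both_keys = {n: keystream_xor(b, KEY_A) for n, b in one_key.items()}
    return {
        "no_key": unrecovered(locked, manifest),
        "one_key": unrecovered(one_key, manifest),
        "both_keys": unrecovered(both_keys, manifest),
    }

if __name__ == "__main__":
    for stage, failing in simulate().items():
        print(f"{stage}: {len(failing)} file(s) still unrecovered {failing}")
```

The same manifest check works on files restored from backup, so recovery can be confirmed without relying on any key supplied by the attacker.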
Can your business afford to pay a double ransom?
If you get hit by a ransomware attack, you may find yourself faced with a difficult decision. If you decide to pay the ransom, you need to be aware of the possibility that attackers may not supply a decryption key as promised. Unfortunately, the rise of double encryption raises the additional risk that once you’ve paid, your files could get encrypted again so you would need to pay yet again to get the second key, which you’re still not guaranteed to get.
A well-timed ransomware threat can cause complete devastation for almost any business, forcing business owners to take a risk with large sums of money. The equally unappealing alternative is to reject the hackers’ demands, lose the data and reconstruct systems from scratch. Either way, business owners stand to lose significant time and resources to double encryption attacks, especially if they do not have reliable backups in place.
You need to make sure your business and employees are constantly up to date with the latest potential threats. Download our free ebook, ‘Cybersecurity: Smart threats need a smarter defence’, which helps you understand these threats and how to better safeguard against them.
You’ll thank yourself later for the secure backups you make now
To get back up and running quickly after any kind of attack, your business needs to be prepared. To recover successfully from a ransomware attack without paying the ransom, that preparation has to include multiple layers of backup security.
By backing up your data using SSL encryption (Secure Sockets Layer – the standard protocol for establishing secure, encrypted communication), via a highly available cloud storage service that’s separated from your production environment, you can recover all of your critical operational information in the event of a double encryption threat.
Easy recovery starts with a plan
Even though the double encryption attack is relatively new, it certainly won’t be the last or most advanced attempt that attackers will make at accessing your data. So your business needs to make sure that the proper defence strategies are in place to shield your valuable data from opportunistic eyes. The best way to prepare for practically any type of cyber attack is to ensure that you have multiple backups of your data stored in safe places where only you can access them — double or nothing.