Understanding Ransomware Double, Triple, and Quadruple Extortion With Brad LaPorte

In this episode of CHATTIN CYBER, Marc Schein interviews Brad LaPorte, former top-rated Gartner Analyst for cybersecurity, veteran US Cyber Intelligence, and product leader at Dell, IBM, and several startups. He is currently the Advisor at Lionfish Tech Advisors and Partner at High Tide Advisors, apart from being the Board Advisor at 4 early-stage startups – NetRise, rThreat, RunSafe Security, and TBD. He is also the author of the recently released cybersecurity book, The Rise Of Cybercrime. Today, he discusses the reasons for the increasing number of ransomware attacks worldwide and the measures to avoid or mitigate the risks from the same.

Explaining the increasing number of ransomware attacks, Brad shares that these days, all that is required to extort money from organizations is access to a keyboard on the internet. The barrier of entry to systems has been reduced. Additionally, over 98% of ransomware is paid out in Bitcoin, which is difficult to track. Starting November 2019, double, triple, and quadruple extortion tactics have started to be used, which has also added to this.

Double, triple, and quadruple extortion tactics can be explained hence:

  1. Double extortion is the exfiltration of sensitive data. So, companies are forced to pay the attackers despite having the encryption key or backup data.
  2. Triple extortion is when attackers disrupt the critical operations of organizations involved in, say, manufacturing, healthcare, or education. The criticality of the attack makes organizations highly likely to pay the attackers.
  3. Quadruple extortion is when attackers directly attack your customers or key stakeholders also. Also called supply chain attacks, they are like a force multiplier and cause an exponential increase in the damages.

Answering the question of whether or not to pay when ransomware attackers demand you to, Brad explains that one must try their best not to unless they’re left with no other choice. He also touches on the best cybersecurity practices to follow to mitigate the risks due to the attack, like the 12 key controls given by Marc around cyber resilience. He adds that even though the actual amount paid to ransomware attackers is coming down over time, the number of threat actors is increasing with the decrease in their barriers of entry.

One of the most overlooked reasons for cyberattacks is that over half of the organizations worldwide don’t know about the assets they have in their environment, the third-party vendors and other organizations associated with them, and over 75% manage everything through an Excel spreadsheet as their asset inventory database.

page1image62169536 page1image62163584

Care must be taken to ensure organizations are well aware of their assets, as these could be one of the easiest ways for attacks to happen.

For more, tune in to today’s episode!

Highlights:

“In trying to extort money from organizations, ultimately, all you need is access to a keyboard on the internet. So if you look at some of them (attackers), the people that can actually wreak havoc on organizations are quite vast.”

“Even though the actual numbers of payments are going down and declining… The amount of groups are increasing because of that low barrier of entry and actually increasing it over time. ”

“Over half of (the) organizations don’t know what assets they have in their environment, and over 75% actually manage everything out of an Excel spreadsheet as their asset inventory database.”

Time-Stamps:

[02:33] – Why are ransomware attacks increasing?
[07:15] – Should you or should you not pay when ransomware attacks require you to? [09:45] – The biggest things around cybersecurity being ignored right now
[12:49] – Get in touch with Cory

Connect with Brad:

Website: https://www.linkedin.com/in/brad-laporte/