RANSOMWARE'S PERFECT STORM: INSIDE THE RISE OF DOUBLE EXTORTION HOW COVID-19 CREATED A GOLD MINE FOR CYBER CRIMINALS
By Phil Lombardo Cyber Insurance Specialist Evolve MGA
2020 was a hacker's dream. Overnight, millions of
Ransomware attackers became more and more
Americans traded in business casual for sweatpants,
sophisticated over the next 30 years, but their end
and peace of mind for fear and uncertainty. The result?
goal remained the same… encrypt files and demand a
A 715% increase in ransomware attacks compared to
ransom to unlock them.
2019 (per Bitdefender). Companies began to grow more aware of their In this article, we will discuss the rise of double
extortion exposure and created digital and physical
extortion attacks, why COVID-19 created a perfect
backups of critical data to mitigate the hacker’s
landscape for cybercrime, and finally, how companies
negotiating power. Then everything changed
can best protect themselves moving forward.
in 2019 with the introduction of Maze Ransomware and “double extortion.”
Pre-Pandemic: The Rise of Double Extortion Maze, the first ransomware strain known to exfiltrate The first documented ransomware virus, known as
private data before encryption, was discovered in
the AIDS Trojan or PC Cyborg, was created in 1989 by
May of 2019 by Malwarebytes Director of Threat
evolutionary-biologist Dr. Joseph L. Popp. Leading up to
Intelligence Jérôme Segura.
the World Health Organization’s International AIDS Conference in Stockholm, Sweden, Popp gained access
Before encrypting the victim’s files, this strain copied
to an event mailing list, and distributed more than
and exfiltrated as many files as possible, giving
20,000 infected floppy disks to potential attendees.
hackers an unprecedented leg up in negotiations. You don’t want to pay our ransom demand? Fine,
The disks, labeled “AIDS Information – Introductory
we’ll expose all your clients’ personal information onto
Diskettes,” contained malicious code that locked files
the dark web.
and demanded victims send $189 to a PO Box in Panama if they wanted to unlock their data. Experts
These attacks, which picked up steam exponentially
quickly created decryption tools to beat Popp’s virus,
during the second half of 2019, introduced a massive
but the damage was done; in 1989, digital extortion was
new layer of costs to ransomware victims in the form
born.
of increased reputational harm and wide-scale privacy violation fines and penalties.
BIG I ARKANSAS