"Ransomware Operators Ramp Up Pressure on Victims via Multiple Extortion Attacks"
Ransomware operators are amplifying their campaigns with double, triple, and quadruple extortion models. Researchers at Trend Micro analyzed threat data from the first six months of 2021, finding that ransomware remained one of the most significant threats faced by enterprise organizations. One change observed was the increase in ransomware attacks and groups using multiple extortion methods, including denial-of-service (DoS) attacks, data theft, and the harassment of customers and stakeholders of victim organizations. As of mid-June, at least 35 ransomware families used double extortion methods in which threat actors encrypt critical data and then threaten to leak it to the public to further pressure victims into paying the demanded ransom. Trend Micro also saw an increase in ransomware attacks involving DoS. This tactic was first used by the operators of SunCrypt and Ragnar Locker families in late 2020, but has been adopted more recently by Avaddon and other groups. According to Trend Micro, the operators of Cl0p and DarkSide, the group behind the ransomware attack on Colonial Pipeline, have added another layer to some of their attacks. This additional layer involves directly contacting customers of victim organizations via email and call centers. Other observed changes regarding ransomware campaigns include the increased collaboration between threats actors in gaining access to victim networks and the increased use of tools and techniques associated with Advanced Persistent Threat (APT) actors. Ransomware-related activity made up a large proportion of the 40.9 billion malicious emails, files, and URLs blocked for customers in the first half of 2021 by Trend Micro. The number represented a 47 percent year-on-year increase in threat volumes, which is an increase that many other vendors noted as resulting, at least partly, from the shift to a more distributed work environment during the COVID-19 pandemic. This article continues to discuss the increase in ransomware campaigns involving multiple extortion methods and other key findings from Trend Micro's analysis of threat data from the first six months of 2021.