In August 2020, the University of Utah was hit by a ransomware attack. The university IT team had put data backups in place to ensure business continuity and thought they were safe, but unfortunately, the hackers had exfiltrated their data before encrypting it – a new hybrid tactic referred to as double extortion or ‘hack-and-leak’, where malicious actors gain access to an organization’s sensitive information and threaten to release it in the public domain as part of the larger ransomware attack. When the truth unfolded, the university administration had no choice but to pay the threat actors as much as $457,000 to gain assurance that their data wouldn’t be leaked online.
The University of Utah isn’t alone in encountering such attacks. Several other organizations have been shelling out millions since REvil, a ransomware gang, first used this hybrid tactic in early 2020.
Double extortion exponentially increases costs to business
While ransomware protection guidelines include data backups and a well-thought-out recovery process, that approach is no longer enough when data can fall into rogue hands. This becomes immediately apparent when analyzing attacks emulated and perfected by ransomware gangs such as Maze, DoppelPaymer, Egregor, and others. With double extortion attacks, hackers plainly intend to maximize their profits, and this has become clear during the Covid-19 pandemic. According to Coalition, buying double extortion assurance costs companies six times the average of previous ransomware cases. But the question arises: can organizations trust hackers not to leak their data?
By 2025, it’s projected that 87% more Americans will be working remotely than before the pandemic, according to a study by Upwork. This new normal of remote work will continue to contribute to the widening attack surface and the growing threat of double extortion attacks. The threat targets all types of businesses, but pharmaceutical and healthcare companies are most vulnerable. Malicious actors can penetrate company networks via gullible employees and in no time unleash double extortion attacks with repercussions that are costlier than one can imagine.
Preventing double extortion threats before they cause damage
It is an open secret that organizations are incessantly investing in ramping up their cybersecurity armory to deal with all kinds of threats and breaches. In the fight against cybercrime, however, the focus remains on detecting breaches and dealing with threats, not on prevention. Attackers are swift to adapt and adopt new ways to outsmart even our most sophisticated defenses. Archaic methods such as virtual private networks (VPNs) and remote desktop protocol (RDP) are simply not enough, yet many organizations still rely on them to grant access to remote employees. Hackers are quick to exploit vulnerabilities in VPN and RDP systems that arise from lax password-change policies and poor patch management. In addition, VPNs aren’t effective when it comes to addressing threats like malvertising, phishing, credential theft, and ransomware – and especially double extortion.
Fending off threats at the door is a critical step to ensure that an organization’s business is not brought to a halt. Organizations need to focus on technologies that help prevent ransomware attacks rather than on post-exploit response. In other words, they need to abandon the ransomware arms race, which is aimed merely at detection and recovery, and instead use Zero Trust-based technologies to prevent the initial stages of ransomware attacks, such as the web and email phishing attacks that, according to Verizon’s Data Breach Investigations Report, account for 90% of the threats. For example, remote browser isolation (RBI) is an emerging technology that can stop any ransomware assault – including double extortion – before it succeeds and causes damage. Whereas most security solutions stop attacks between steps 3 and 7 of the attack kill chain, RBI’s growing popularity as a way to stop ransomware in its tracks comes from its ability to stop it at step 2, before it is weaponized. In this way, RBI protects organizational data from being exfiltrated and exploited.
Making RBI your weapon to thwart double extortion attacks
RBI contains browser activity inside an isolated environment by fetching, executing, and rendering all elements of a page away from the user’s device. This means that it will effectively protect against ransomware attacks of any level of sophistication that arrive from the web. In a recent report, the SANS Institute notes one key reason why remote browser isolation is critical to any organization’s cybersecurity program: almost all work performed today requires use of the browser. Especially with current remote workforce models and heavy reliance on the cloud, SANS has labeled the browser as the new endpoint. Attackers focus on the browser as one of the biggest – and potentially most vulnerable – attack vectors. With its Zero Trust-based architecture, RBI can neutralize all malicious ads in the remote environment without compromising the user’s web experience. Governments and regulators have thus begun to realize the importance of defending and securing web activities using technologies such as RBI. In fact, the Cybersecurity and Infrastructure Security Agency (CISA) recently published its recommendation to use RBI technology to fight malvertising attacks.
Evolved and intelligent RBI to bring down double extortion instances
RBI has been constantly evolving and has come of age, giving users a native browser experience even in an isolated environment through features such as Smart Isolation. Smart Isolation adapts web rendering according to the risk level of the page or web element, using two complementary approaches to rendering: UX Optimized and Secure Streaming. The Secure Streaming model renders elements remotely and securely streams harmless pixels to the endpoint to offer the strongest possible security. The UX Optimized model intelligently renders harmful pages and web elements remotely while rendering the less harmful pages and elements locally to balance native user experience and security. This way, RBI can now enable users to stay productive while being secure.
Evolved and intelligent RBI platforms allow for fast and easy adoption, helping organizations keep threats away from their networks. RBI is one of the best preventative measures a company can take to stop attackers from shutting down its systems, stealing its data, and ultimately demanding large sums of money in ransom.