Re-Extortion: How Ransomware Gangs Re-Victimize Victims

It is a simple fact of life that someone who has been exploited once is more likely to be exploited again, and this fact is becoming increasingly relevant in the current world of cybercrime. Ransomware is now just the first step of a long chain of extortion, and that chain is getting longer as victims find themselves being hammered for ransom repeatedly, months or even years after the initial breach. Worse, they can find themselves being breached for a second time. This can have a variety of causes: in many cases, enterprises who have been victimized fail to fully expunge attackers from their system. They also may have limited resources or insufficient expertise, and fail to fully secure their network following a breach. Once they have been made a target once, their name continues to circulate around the network of cybercriminals, and other ransomware groups might decide to try targeting them as well, for the simple reason that they are a known breach victim, and are therefore more likely to be breached again.

‍

How can enterprises break the cycle? Proactive measures are necessary, rather than simple reaction. Security teams need to conduct thorough post-incident analysis to discover the cause of initial breaches and find what specific vulnerabilities were used, so they can be closed. Long-term strategies are also important, with security teams regularly searching for vulnerabilities so that they can be closed before they are utilized. Regular security audits, employee training and the development of incident response plans are all part of this long-term outlook. By acting proactively, companies can greatly reduce the risk of re-infection and re-extortion.