Re-Extortion: How Ransomware Gangs Re-Victimize Victims

August 5, 2024

It is a simple fact of life that someone who has been exploited once is more likely to be exploited again, and this fact is becoming increasingly relevant in the current world of cybercrime. Ransomware is now just the first step of a long chain of extortion, and that chain is getting longer as victims find themselves being hammered for ransom repeatedly, months or even years after the initial breach. Worse, they can find themselves being breached for a second time. This can have a variety of causes: in many cases, enterprises who have been victimized fail to fully expunge attackers from their system. They also may have limited resources or insufficient expertise, and fail to fully secure their network following a breach. Once they have been made a target once, their name continues to circulate around the network of cybercriminals, and other ransomware groups might decide to try targeting them as well, for the simple reason that they are a known breach victim, and are therefore more likely to be breached again.

How can enterprises break the cycle? Proactive measures are necessary, rather than simple reaction. Security teams need to conduct thorough post-incident analysis to discover the cause of initial breaches and find what specific vulnerabilities were used, so they can be closed. Long-term strategies are also important, with security teams regularly searching for vulnerabilities so that they can be closed before they are utilized. Regular security audits, employee training and the development of incident response plans are all part of this long-term outlook. By acting proactively, companies can greatly reduce the risk of re-infection and re-extortion.

More from Blackwired

December 16, 2024

CISOs need to consider the personal risks associated with their role

CISOs face personal liability for cybersecurity incidents, boosting accountability but increasing stress and deterring professionals.

Read more
December 9, 2024

The Shocking Speed of AWS Key Exploitation

AWS keys exposed online are exploited in minutes, highlighting the need for faster detection and response to prevent breaches.

Read more
December 2, 2024

Advanced Cyberthreats Targeting Holiday Shoppers

The holiday season sees increased e-commerce scams, with AI-driven phishing, fake sites, and data theft targeting consumers and businesses.

Read more