The double extortion trend that ransomware cartels utilize to coerce businesses

February 9, 2021

Ransomware has become an industry of its own and has come a long way, from the early days of the AIDS Trojan to today's more modern, business-like Ransomware-as-a-Service model that preys on companies and organizations worldwide. Adversaries are now using a new ransomware technique called ‘double extortion’: they lock their victims’ files and pressure them to pay the ransom or have their data publicly leaked and sold. This wicked modus operandi exploded at the start of the COVID-19 pandemic.

This new ransomware trend puts companies, their clients and consumers in a difficult position, as ransomware seems to keep ramping up. Just by looking at the numbers, it’s easy to see why:

  • About 70% of organizations and companies that fell victim to ransomware paid their ransoms, with sums ranging from $20,000 to $40,000
  • Consumer victims of ransomware are paying out $500 to $1,000 in ransom
  • Cybercriminals are expected to net $20 billion from ransomware in 2021
  • Cybercrime would cost organizations $5.2 trillion over the 2019 to 2023 period in addition to costs and lost revenue


To make matters worse, cybercrime cartels target organizations of all sizes: 62% of the victims in 2019 were small to medium-sized businesses.

It’s not only businesses that should be concerned about the rising threat from ransomware. Consumers should be more worried about the double extortion practice, because vast amounts of data go into the hands of cybercriminals. Consumers’ personal data, ID document scans, bills, payroll and financial information, CVs and other such information can become available to international cybercriminal organizations and fraudsters. Should these ransomware gangs sell the personal data on the dark web and hacking forums, other threat actors and fraudsters can use it to craft phishing attempts and social engineering tactics to commit financial fraud.


Avoid becoming a ransomware victim!

The structure of these cybercriminal cartels has been evolving, and they have been observed collaborating and affiliating to split the ransoms they collect. Because of this, each group uses a wide variety of attack vectors. For example, the Maze cartel employs compromised RDP sessions, social engineering, weak user credentials, and so on. In fact, an affiliate program is innovative in its own way, since it allows hackers from other groups to become part of a campaign.

We advise businesses to adopt a more proactive strategy for ransomware avoidance:

  • Prevent malware from being delivered to devices by enabling filters that allow or block file types, blocking websites with malicious content and scripts, etc.
  • Protect your remote access devices by patching known vulnerabilities, enabling multi-factor authentication, using secure VPN devices and systems, and employing the least-privilege model
  • Prevent any malware from running on a device through central management, ensuring up-to-date patching, installing critical security updates and enabling auto-updates
  • Prevent malware from spreading throughout the network by using MFA, firewalls and antivirus programs, detection and monitoring of the infrastructure’s security network, and segregation of platforms, especially obsolete ones


Prevention should not be the only focus of an organization’s strategy; businesses must also be ready to respond, with the right investment in good security operations staff and cybersecurity incident response capabilities. It is possible to cut off the ransomware operator’s grasp on your files and systems before it impacts the business and stakeholders’ trust.
