Researchers at Check Point have identified a growing trend for a new ransom-ware tactic. In what researchers call “double extortion,” threat actors add a stage to a ransom-ware attack: prior to encrypting a victim’s database, they extract large quantities of sensitive information and threaten to publish it unless ransom demands are paid, placing more pressure on victims to meet those demands.

To prove the validity of the threat, threat actors leak a small portion of the sensitive information to the dark web, signalling that more will follow if the ransom goes unpaid.

The “Double Extortion” Process

  1. Threat actor gains entry into a victim’s network
  2. Threat actor extracts sensitive data, such as customer details, financial and employee details, patient records, and more
  3. Threat actor encrypts the files and demands ransom from victim
  4. Threat actor threatens leak of gathered sensitive data
  5. To prove validity of threat, threat actor leaks small portion of extracted information to dark web
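
The sequence above gives defenders two observable stages on the same host: a large outbound transfer (step 2), then mass file rewriting (step 3). The following added example, which is not from Check Point or the original article, correlates the two over constructed sample telemetry; the record format, thresholds and host names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample telemetry, one record per host per interval (not real data).
# Assumed format: ISO timestamp, host, kind, value
#   net  = bytes sent to external addresses during the interval
#   file = number of files rewritten or renamed during the interval
SAMPLE = """\
2020-04-01T01:00:00 fs01 net 40000000
2020-04-01T02:00:00 fs01 net 35000000
2020-04-01T03:00:00 fs01 net 52000000000
2020-04-01T04:00:00 fs01 net 38000000
2020-04-01T09:00:00 fs01 file 18000
2020-04-01T01:00:00 db02 net 90000000
2020-04-01T02:00:00 db02 net 85000000
2020-04-01T03:00:00 db02 net 31000000000
2020-04-01T04:00:00 db02 file 40
2020-04-01T01:00:00 ws03 net 5000000
2020-04-01T02:00:00 ws03 net 6000000
2020-04-01T03:00:00 ws03 file 9500
2020-04-01T01:00:00 ws04 net 7000000
2020-04-01T02:00:00 ws04 net 9000000
2020-04-01T03:00:00 ws04 file 12
"""

# Tuning values below are assumptions for the example, not recommendations.
EXFIL_FLOOR = 10 * 1024**3      # ignore outbound spikes smaller than 10 GiB
EXFIL_RATIO = 20                # spike must be 20x the host's median interval
REWRITE_BURST = 5000            # files rewritten in a single interval
WINDOW = timedelta(hours=72)    # how long after a spike a burst still correlates


def parse(text):
    """Group records by host and kind as (timestamp, value) pairs."""
    per_host = defaultdict(lambda: {"net": [], "file": []})
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, value = line.split()
        if kind not in ("net", "file"):
            continue  # skip record kinds this example does not model
        per_host[host][kind].append((datetime.fromisoformat(ts), int(value)))
    return per_host


def classify(text):
    """Return {host: finding} for hosts showing step 2, step 3, or both in order."""
    findings = {}
    for host, ev in parse(text).items():
        # The median is a baseline that one very large transfer does not shift.
        base = median(v for _, v in ev["net"]) if ev["net"] else 0
        limit = max(EXFIL_FLOOR, EXFIL_RATIO * base)
        spikes = [t for t, v in ev["net"] if v >= limit]
        bursts = [t for t, v in ev["file"] if v >= REWRITE_BURST]
        # Double extortion: the rewrite burst follows the outbound spike.
        paired = any(s <= b <= s + WINDOW for s in spikes for b in bursts)
        if paired:
            findings[host] = "exfil-then-encrypt"
        elif spikes:
            findings[host] = "exfil-only"      # step 2 seen, step 3 not yet
        elif bursts:
            findings[host] = "encrypt-only"    # encryption with no observed exfiltration
    return findings


if __name__ == "__main__":
    for host, finding in sorted(classify(SAMPLE).items()):
        print(host, finding)
```

A host reported as exfil-only has reached step 2 but not step 3, which is the point at which isolating it can still prevent encryption.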

The first published case of double extortion took place in November 2019 and involved Allied Universal, a large American security staffing company. When the victim refused to pay a ransom of 300 Bitcoins (approximately US$2.3 million), the attackers, who used ‘Maze’ ransom-ware, threatened to use sensitive information extracted from Allied Universal’s systems, as well as stolen email and domain name certificates, for a spam campaign impersonating Allied Universal.

Countering ransom-ware, malware threats

To prove their point, the attackers published a sample of the stolen files including contracts, medical records, encryption certificates and more. In a later post on a Russian hacking forum, the attackers included a link to what they claimed to be 10% of the stolen information as well as a new ransom demand that was 50% higher. Maze has since published the details of dozens of companies, law firms, medical service providers and insurance companies who have not given in to their demands. It is estimated that many other companies avoided publication of their sensitive data by paying the ransom demanded.

Other cybercriminal groups have followed the new double extortion tactic, opening their own sites to publish and leak stolen information as a means to apply additional pressure on their victims to pay ransom. Attackers utilizing Sodinokibi ransom-ware (aka REvil) published details of their attacks on 13 targets, as well as proprietary company information stolen from the targeted organizations. The National Eating Disorders Association was the last in the list of victim organizations.

Data security

Additional attacks that have joined the trend include Clop ransom-ware, Nemty, DoppelPaymer and more. Information published on these sites was soon found to be offered for sale by the ransom-ware group itself or by other criminals who collected the data from the dumpsites.

“Double Extortion is a clear and growing ransom-ware attack trend. We saw a lot of this during Q1 2020. With this tactic, threat actors corner their victims even further by dripping sensitive information into the darkest places in the web to add weight to their ransom demands,” said Check Point’s Manager of Threat Intelligence, Lotem Finkelsteen.

Importance of cyber security

He adds, “We’re especially worried about hospitals having to face this threat. With their focus on coronavirus patients, addressing a double extortion ransom-ware attack would be very difficult. We’re issuing a caution to hospitals and large organizations, urging them to back up their data and educate their staff about the risks of malware-spiked emails.”

Ransom-ware attacks have affected more than 1,000 health care organizations in the United States alone since 2016, with costs totaling more than US$157 million, according to a recent analysis. In 2017, dozens of British hospitals and surgeries were affected by ransom-ware known as WannaCry, which resulted in thousands of canceled appointments and the closing of some accident and emergency departments. In 2019, several U.S. hospitals had to turn away patients after another spate of ransom-ware attacks.

Enhancing healthcare and enterprise security

In the ongoing fight against constantly-evolving ransom-ware tactics, the best defense is to prevent becoming a victim in the first place. Check Point has previously detailed its best practices to help you avoid being a ransom-ware victim, but to recap:

  • Back Up Your Data and Files - It’s vital that you consistently back up your important files, preferably using air-gapped storage. Enable automatic backups, if possible, for your employees, so you don’t have to rely on them to remember to execute regular backups on their own.
  • Educate Employees to Recognize Potential Threats - The most common infection methods used in ransom-ware campaigns are still spam and phishing emails. Often, user awareness can prevent an attack before it occurs. Take the time to educate your users, and ensure that if they see something unusual, they report it to security teams immediately.
  • Limit Access to Those That Need It - To minimize the potential impact of a successful ransom-ware attack against your organization, ensure that users only have access to the information and resources required to execute their jobs. Taking this step significantly reduces the possibility of a ransom-ware attack moving laterally throughout your network. Addressing a ransom-ware attack on one user system may be a hassle, but the implications of a network-wide attack are dramatically greater.
  • Keep Signature-Based Protections Up-To-Date - While signature-based protections alone are not sufficient to detect and prevent sophisticated ransom-ware attacks designed to evade traditional protections, they are an important component of a comprehensive security posture. Up-to-date antivirus protections can safeguard your organization against known malware that has been seen before and has an existing and recognized signature.
  • Implement Multi-Layered Security, Including Advanced Threat Prevention Technologies - In addition to traditional, signature-based protections like antivirus and IPS, organizations need to incorporate additional layers to protect against new, unknown malware that has no known signature. Two key components to consider are threat extraction (file sanitization) and threat emulation (advanced sandboxing). Each element provides distinct protection, and used together they offer a comprehensive solution for protection against unknown malware at the network level and directly on endpoint devices.