By Meredith Griffanti, Evan Roberts and Josh Chodor of FTI Consulting…
For businesses hit by ransomware attacks, paying the ransom is often the most practical solution to recovering data and minimizing an extremely stressful situation.
However, paying a ransom, which can sometimes range into the millions, is easier said than done. In situations where a ransom isn’t or can’t be paid for a variety of business reasons—such as potential sanctions— organizations need to prepare for the avenues that threat actors will leverage to inflict significant reputational harm.
A common theme of today’s ransomware attacks is double extortion: Not only will a threat actor lock a company’s files and demand a ransom payment, but it will also threaten to release sensitive information that has been exfiltrated from a victim organization’s environment. These threat actors may not truly care about the content of such data; it’s simply a money-making operation.
Direct communication with key stakeholders
An evolution of the double extortion attack is particularly sinister: direct outreach to a victim company’s stakeholders. This new strategy forces organizations, already under tremendous pressure, to act quickly to get ahead of the messaging around an attack in an attempt to reduce reputational risk and maintain stakeholder trust.
Over the past few months, cybersecurity industry publications have written about situations where companies faced this type of extortion from CI0p and REvil ransomware groups. In these scenarios, customers who provided email addresses to the target companies received messages indicating that sensitive personal and business information was contained among the stolen data.
Target companies, facing not only business disruption from encryption, but also damage to key stakeholder relationships, may be more likely to make the ransom payment to minimize stakeholder backlash.
Cyber actors also have increasingly relied on direct outreach to the press to tout their successes and publicly pressure impacted organizations into paying the ransom, something REvil leaders have admitted. For the rest, click here.