
Cybercrime, doubleextortion.com declares war on ransomware double extortion

Doubleextortion.com is born, a new site that traces the strategy of double extortion ransomware, increasingly in vogue among cybercriminals. It was developed by IT engineer and cybersecurity expert Luca Mella

“Doubleextortion.com”: this is the name of a new site, developed by IT engineer and cybersecurity expert Luca Mella, to outline an increasingly popular cybercrime strategy. Let’s start, however, by trying to understand what this phenomenon is and how it is evolving. “‘Double extortion’ is a practice that more and more cyber criminals are embracing – explained Luca Mella to Defense and Security –. It is a real criminal business model that we can see as the evolution of the ransomware attacks of the past years, the so-called ‘cryptolockers’. Before, the malware attack was essentially linear – for example, when the email was opened, the PC files were encrypted at zero time –. Now we are faced with more sophisticated and dangerous practices. For example – he emphasized –, when the same email is opened, a complex computer intrusion begins. This silently insinuates itself into company systems and only after days do the effects manifest themselves. Victims of double extortion attacks are not only faced with the demand for large ransoms to restore the systems rendered inoperable, but also with the threat of publishing the data they stole during the intrusion, before the launch of the final ransomware attack”.

The site was born “out of curiosity”, to better understand the phenomenon. In the future it could be useful to understand how the affected companies are distributed across the continents or to correlate these events with other socio-economic phenomena

“Doubleextortion.com was born out of a simple curiosity of mine – continued the cybersecurity expert –: since mid-2019 I have been observing this phenomenon and in the first months of 2020 there has been a real explosion. More and more cybercrime groups embraced double extortion practices and the news of the affected companies is increasing more and more. Having experienced this kind of attack through my work, I wanted to learn more about the phenomenon, put all these cybernetic events on a blackboard and understand their scope: this is why the site was born”. The future of the project, “driven by my curiosity, will partly depend on the directions that the phenomenon of double extortion will take. However, it could be interesting, for example, to understand what is the distribution in the continents of the affected companies or to correlate these events with other socio-economic phenomena”.

Doubleextortion.com has already detected important elements. First of all, the fact that cybercrime adopts the strategy of double extortion not only against the big names, but also against small companies and in sectors not considered at “cyber risk”

“Having lived in the cyber sector for some time, there are things that I expected to detect, such as the growing trend of attacks carried out successfully, a confirmed element – Mella specified –. But to tell the truth there is an aspect that emerged looking at the double extortion attacks and that deeply surprised me: the most total transversality of this phenomenon. Finding such a vast distribution of industrial sectors and company sizes was something I didn’t expect, or at least not to this extent – recalled the author of doubleextortion.com –. Observing the various double extortion attacks day after day, in fact, we realize that the problem affects both very large multinational groups such as Luxottica, Garmin or Enel, as well as small companies with a turnover of a few million euros. Even in sectors that are traditionally not perceived as ‘at cyber risk’”.

The danger of ransomware double extortion is high and there are no universal solutions, but we can defend ourselves

What emerges from doubleextortion.com and from the daily warnings issued by the community of cybersecurity experts suggests that cybercrime will continue to pursue the strategy of double extortion with ransomware against companies. Defending oneself, however, is possible. “A universal solution does not exist – explained Mella –. In my time in the world of cyber I have heard many recipes and seen various approaches. Some focused on technologies, others on operations or just prevention. Double and triple extortion attacks are very different from what most companies are used to, but they can be ‘balanced’. I will give some examples because the concept is very concrete: if corporate investments in recent years in cybersecurity have focused on prevention, try to move towards the answer as well. Similarly, if today the company is full of security technologies, but processes and personnel are scarce, following this principle the advice is to invest in services and operations. A priori from everything, however, – concluded the expert –, the absolute first step to take is undoubtedly to equip oneself with people and skills that can write and implement an ad hoc safety recipe”.
