CISOs are under pressure – extortion continues, even if ransom is paid
Venafi®, the inventor and leading provider of machine identity management, announces the results of a global survey of IT decision-makers on the use of double and triple extortion in ransomware attacks. The data shows that 72 percent of IT decision-makers in Germany are so concerned about new extortion tactics that they believe ransomware should be considered a matter of national security. This data takes on a new urgency in light of recent recommendations from the UK’s National Cyber Security Centre (NCSC), the Australian Cyber Security Centre (ACSC), and the Federal Bureau of Investigation (FBI), which have detailed the growing risk posed by ransomware.
Global Venafi survey: 72 percent of IT decision-makers in Germany say new extortion tactics make ransomware a national security threat
Double and triple extortion tactics pose new security challenges for German companies of all sizes. Even after a ransom is paid, cybercriminals continue to carry out their threats:
- One in ten companies (11 percent) paid the ransom, but their data can still be found on the Dark Web.
- One in ten companies (11 percent) refused to pay the ransom, and the attackers tried to blackmail their customers.
- Almost a third (32 percent) of the companies paid the ransom, but still could not recover their data.
Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi
“Ransomware attacks have become much more dangerous. They have evolved beyond basic security defenses and business continuity techniques such as next-gen antivirus and backups,” says Kevin Bocek, Vice President of Business Development and Threat Intelligence at Venafi. “Companies are not prepared to defend themselves against ransomware that exfiltrates data, so they pay the ransom, but this only motivates the attackers to look for even more. The bad news is that the attackers make their blackmail threats come true even after paying the ransom! This means that CISOs are under much greater pressure, as a successful attack is much more likely to lead to a major service interruption that affects customers.”
When asked about the development of extortion in ransomware attacks, 63 percent of respondents in Germany said that double and triple extortion tactics have gained popularity over the past 12 months, and 52 percent agreed that these new threats make it much more difficult to refuse ransom demands.
In addition:
- 32 percent of attackers threaten to use stolen data to blackmail customers.
- 24 percent of attackers threaten to publish the stolen data on the Dark Web.
- 32 percent threaten to inform the victim’s customers that their data has been stolen.
These threat actor tactics bring new security challenges for organizations of all sizes. Almost two-thirds (68 percent) of IT decision-makers believe that ransomware attacks are evolving faster than the security controls required to protect against them. These threats are so severe that more than half (59 percent) of IT decision-makers believe that public reporting of ransomware attacks could help to slow the growth of these new attack methods. Another 67 percent believe that governments should do more to help private companies defend against ransomware.
“Threat actors are constantly evolving their attacks to make them even more effective, and it’s time for the cybersecurity industry to respond accordingly,” Bocek explains. “Ransomware often eludes detection because it is executed without a trusted computer identity. The use of machine identity management to reduce the use of unsigned scripts, increased code signing and the restriction of the execution of malicious macros are essential for comprehensive ransomware protection.”
About the study:
The Venafi survey, conducted by Censuswide, evaluated the opinions of 600 IT decision-makers in the UK, Australia, France, Germany, the Benelux countries and the USA.