Speed and Insight: Intel 471’s Data Leak Blogs Enhancement


Apr 10, 2024

Ransomware and extortion attacks have never been more costly or complex to manage. Groups are continuously evolving new tactics to ramp up the pressure on victims to pay, and double extortion is a popular example of this. While encrypted information can sometimes be painstakingly retrieved from backups, the consequences of this data being publicly exposed on data leak blogs can be far harder to mitigate. Your organization needs timely insight into the information these adversaries have released on their blogs more than ever before. Intel 471 is proud to announce that with our latest data leak blogs collection enhancement, you can take the preventative action needed to mitigate the impact on your assets.


What are data leak blogs?


Double extortion is a popular tactic ransomware and extortion groups employ. Traditionally, these groups encrypt their victims’ data or operating systems, rendering the organization unable to access these valuable assets until a ransom is paid. Double extortion takes this one step further: the cybercriminals not only encrypt data, but also exfiltrate it and threaten to sell it or leak it publicly on data leak blogs and sites. This ramps up the pressure for victims to pay. Victims not only require a decryption key, but also want to prevent the information from being leaked publicly, to avoid greater legal penalties, further erosion of stakeholder trust and attackers using it to commit further cyber incidents.


How does Intel 471’s new enhancement mitigate the risk of data leak blogs?


We’ve enhanced our data leak blogs collection framework to bring new functionality and insight to victims of ransomware and extortion attacks. These include:

  • More timely collection of data leak blog information to give you a head start in mitigating risk to you and your third parties.

  • Instant access to file listings on active blogs to gain greater clarity into the extent of your compromised data and early warning of third-party breaches.

  • The ability to track when data has been removed from blogs, so you can adapt your incident response to reflect the state of the leaked information.

  • The option to configure watchers and receive alerts to track operations in near real time.

  • Greater efficiency through a new application programming interface (API) endpoint.


Why is this enhancement important?


Double extortion is on the rise


While it isn’t a new tactic, double extortion stood out in 2023 when the CLOP extortion group used it during the exploitation of the MOVEit vulnerability to impact more than 100 victims across the world. The effectiveness of the group’s attacks and the publicity it drew are only likely to encourage other cyber adversaries to utilize the double extortion tactic to emulate the group’s success. As a result, it’s never been more important to have visibility of the data made available on these resources in a timely manner.


Insight is everything


By examining the file listings within blog posts, you will be able to verify exactly what files have been leaked. With double extortion, there’s also no guarantee that the attackers will delete the stolen data after receiving payment, perpetuating the risk attached to the exposed information. With Intel 471, you can now set watchers to be alerted when threat actors have removed files. Gaining greater insight into the extent of the exposure will allow you to better understand how best to implement incident response and the action that must be taken to mitigate the damage.


Speed is crucial


When a ransomware or extortion attack occurs, timely awareness and response are crucial to effectively mitigate its effects. Our enhanced collection means data leak blog information is collected faster. This means you receive near-real-time alerts upon the identification of relevant data, so you can respond to an incident as it unfolds.


Fight third-party risk


You’ll also be able to identify when data connected to your third-party vendors, suppliers and others appears within data leak blogs. Due to the level of interconnectivity between you and your third parties, you may find that a third-party leak also contains information relating to your own assets, such as credentials or personally identifiable information (PII). By identifying your data within a third-party leak, Intel 471’s enhancement ensures you have the early warning to manage this risk with immediacy.


What’s more, threat actors commonly target third parties with weaker cybersecurity protocols and use them as a stepping stone to gain easy access to your organization. They also target vendors supplying a wide range of customers so they can maximize the outcome of their efforts by impacting multiple victims at once. A leak of third-party data could therefore offer cybercriminals the initial access they need to your third party to begin a targeted attack on your own organization. Our data leak blogs enhancement gives you the leg up you need to protect against a cyber incident via your third parties.


Let us empower you in the fight against extortion attacks


It’s not if a ransomware attack will strike, but when. As organizations around the world find themselves pitted against such tactics, knowledge and speed are the key differentiators when it comes to determining the success of mitigation. With our data leak blogs enhancement, we are proud to unlock the insight and rapid action you need to respond to these attacks with confidence.
