Only one thing is certain in today’s ever-changing world: ransomware attacks have become an extremely fruitful business. Attack trends are constantly evolving, which brings us to today’s topic: double encryption.

What’s going on?

This is not the first time researchers have spotted double encryption. It usually happens when two distinct ransomware groups compromise the same victim at the same time. Lately, however, Emsisoft uncovered a trend in which ransomware gangs are using multiple ransomware strains to double encrypt data. While some victims receive two ransom notes at once, others learn of the double encryption only after they have paid the first ransom.

Why does it matter?

The recovery of encrypted data has become an absolute nightmare because of this new trend. It also ensures that threat actors have a higher success rate in collecting ransoms. Moreover, multiple ransomware variants increase the chances of a successful deployment.

Recovery becomes complicated

It doesn’t really pay to pay. Even armed with decryptors provided by the threat actors, recovery is challenging.
  • In the case of single encryption, there is a huge risk of your data getting corrupted. This same risk is doubled in the case of double encryption.
  • Decryption is a time-intensive procedure and tools require manual intervention. This forces incident responders to jump between different badly coded tools.

A ray of hope

With proper backups, a company can choose to rebuild from them, making the encryption of old data redundant. Hence, it is extremely crucial that organizations keep a backup of all their data to quickly bounce back from a double encryption ransomware attack. This may be one of the latest trends introduced in the ransomware landscape, but it is definitely not the last. Therefore, organizations need to implement proper defense strategies.

Cyware Publisher
