CISA Has Issued New Guidance for Double Extortion Ransomware Attacks. Here’s How XM Cyber Can Help You Meet This Challenge.

Double extortion ransomware attacks are now one of cybersecurity’s most pressing threats. Read this to learn how organizations can make the right moves to protect their most sensitive assets.
Ransomware attacks have long been viewed as a worst-case cybersecurity scenario for organizational leaders. Sadly, that doomsday scenario is now becoming reality with alarming frequency. In 2021, the global ransomware victimization rate for businesses reached a historic 68.5 percent, according to Statista. That means your business is more likely than not to become a victim.

Now, adversaries have found a way to make these attacks even more damaging: a tactic called “double extortion.” Learn more from our recent blog post, “The Rules of Ransomware Attacks Are Changing. Here’s How to Ensure Your Security Approach Isn’t Left Behind.”

Government agencies are now stepping in to help defenders meet this new challenge.

Why Ransomware Attacks Are More Dangerous — and Numerous — Than Ever

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) just released guidance for the prevention of ransomware attacks, particularly those that include the troubling new practice of double extortion.

The 2021 Verizon Data Breach Investigations Report — a key industry reference document for understanding the state of organizational cybersecurity — shows the severity of the ransomware problem. While data breaches continue to rise every year, ransomware attacks in particular are growing at an unprecedented rate.

That’s not the bad news, however. A specific subset of ransomware attacks — those that feature data encryption and exfiltration — doubled in number between 2019 and 2020. This is a troubling new trend because it speaks to a tactical change on the part of attackers. Rather than simply holding assets for ransom, attackers are stealing sensitive data, encrypting it, and threatening to publicly release it if their demands are not met. In other words, victims are extorted twice.

This evolution is in response to organizations beefing up their defenses against traditional ransomware attacks. Attackers know that as long as they have sensitive data, victims have little leverage, even if they manage to avoid disruption to their business operations.

So What is the Solution?

The recently released CISA guidance suggests that defenders take the following steps:

  • Maintain offline, encrypted backups of data and regularly test your backups
  • Create, maintain, and exercise a basic cyber incident response plan, resiliency plan, and associated communications plan
  • Mitigate internet-facing vulnerabilities and misconfigurations to reduce the risk of exploitation of your attack surface
  • Reduce the risk of phishing emails from reaching end users by enabling strong spam filters and training programs
  • Practice good cyber hygiene by keeping antivirus and anti-malware software current, implementing allowlisting, limiting user privileges, and ensuring 2FA is used wherever possible

All of these are good ideas. Yet it’s also important to take one more critical step: effectively managing your attack paths, which means identifying the misconfigurations, bad identity hygiene, unpatched vulnerabilities, and other exposures in your environments. Essentially, these are the exact exposures that attackers leverage to accomplish their attacks.

Why Smart Attack Path Management is Your Best Protection Against Double Extortion

Organizations have used conventional security tools, supplemented by ransomware-focused solutions such as data backups, to meet the ransomware threat. Attackers have become wise to this approach and have updated their tactics.

To get around backup security solutions, ransomware attacks don’t stop at encrypting data. They steal that data as it is being encrypted. They lurk in networks, move laterally, try to access the most sensitive and valuable data and generate larger ransoms through double extortion.

Unfortunately, it typically takes just two steps to get from breach point to critical asset, and 72 percent of organizations have attack paths leading to critical assets. This means that we are making the job of attackers far too easy in many cases.

XM Cyber, however, gives you the tools to offer much stiffer resistance. Often, organizations cannot see how attackers can move throughout their networks to easily threaten critical assets. XM Cyber solves this by illuminating all possible attack paths to their critical assets in on-premises, cloud, and hybrid environments.

This helps cut off lateral movement toward critical assets and predicts attacker behavior. Often, attackers will require months to reach exfiltration, and XM Cyber can prevent machine-to-machine movement by identifying the high-risk entities, i.e. choke points, that are used in multiple attack paths to breach critical assets. By fixing those choke points, enterprises can proactively disrupt attack paths, cutting off the possible chain of attack while delivering a cost-effective remediation ratio for the Security and IT teams.

By allowing you to visualize all possible attack paths to your critical assets via attack graphs and identifying the highest-priority remediation, XM Cyber helps prevent double extortion attacks before they get started.
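The choke-point idea described above can be shown on a small attack graph. The following is an added example, not XM Cyber's code or the product's algorithm; the entity names, the graph, and the function names are constructed for illustration. It enumerates attack paths from breach points to a critical asset, ranks the entities that appear on the most paths, and shows how many paths remain after each one is fixed.

```python
from collections import Counter

# Constructed environment: an edge A -> B means an attacker on A can reach B.
GRAPH = {
    "workstation-a": ["file-server", "jump-host"],
    "workstation-b": ["jump-host"],
    "vpn-gateway": ["jump-host", "build-server"],
    "build-server": ["jump-host"],
    "file-server": ["db-admin-account"],
    "jump-host": ["db-admin-account"],
    "db-admin-account": ["customer-db"],
    "customer-db": [],
}
BREACH_POINTS = ["workstation-a", "workstation-b", "vpn-gateway"]
CRITICAL_ASSETS = {"customer-db"}

def attack_paths(graph, sources, targets):
    """Enumerate every cycle-free path from a breach point to a critical asset."""
    paths = []
    def walk(node, path):
        if node in targets:
            paths.append(path)
            return
        for nxt in graph.get(node, []):
            if nxt not in path:  # never revisit an entity on the same path
                walk(nxt, path + [nxt])
    for src in sources:
        walk(src, [src])
    return paths

def choke_points(paths):
    """Rank intermediate entities by the number of attack paths crossing them."""
    counts = Counter()
    for path in paths:
        counts.update(set(path[1:-1]))  # skip the breach point and the asset
    return counts.most_common()

def remediate(graph, entity):
    """Model a fix by removing the entity and every edge that leads to it."""
    return {n: [m for m in out if m != entity]
            for n, out in graph.items() if n != entity}

if __name__ == "__main__":
    paths = attack_paths(GRAPH, BREACH_POINTS, CRITICAL_ASSETS)
    print(len(paths), "attack paths")
    for entity, hits in choke_points(paths):
        fixed = attack_paths(remediate(GRAPH, entity), BREACH_POINTS, CRITICAL_ASSETS)
        print(f"{entity}: on {hits} paths, {len(fixed)} remain after fix")
```

In this constructed graph, fixing the single shared account removes every path, while fixing the file server or build server removes only one path each, which is the remediation-ratio argument in miniature.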

Taking a proactive stance like this is the only consistent strategy for successfully defending against ransomware attacks. Once they’ve breached your system and stolen your data, it’s “game over.”

With XM Cyber, you can help ensure that the attacker never reaches your field, and the game never gets started.

Shay Siksik is VP Customer Operations at XM Cyber

