A troubling new ransomware trend is gaining momentum. Known as the “pay or get breached” trend (also called the “double extortion” scheme), it gained a foothold in 2020 and is gaining steam as we begin 2021.
With more than 550 incidents in the fourth quarter alone, ransomware attackers have not been shy in adopting the “pay or get breached” scheme. According to cyber-risk firm Digital Shadows, the industrial goods and services sector has been disproportionately affected, accounting for 29% of attacks in 2020. Also, Digital Shadows reported that businesses in North America accounted for two-thirds of all attacks.
So, what does “pay or get breached” really mean?
“Pay or get breached” is a double-extortion scheme used by ransomware groups in which ransomware attackers use the twin strategies of demanding a ransom and then leaking the data if the victim does not pay.
Experts predict a continued increase in ransomware attacks, largely because the “pay or get breached” method provides an opportunity for lesser-known ransomware groups to make a name for themselves in the new year. According to experts, no industry will be off-limits as targets for these ransomware groups.
What is the future of the “pay or get breached” method?
Due to its success, it’s predicted that the “pay or get breached” will be the primary go-to approach for seasoned and aspiring ransomware groups alike when it comes to monetizing compromised companies.
It’s no secret that ransomware continues to be on the rise, with the “pay or get breached” method only adding to the existing problem. In just the past year, 51% of companies reported a ransomware attack, a figure that has remained consistent over the past several years. Of that 51%, two-thirds of those companies reported that the attacks successfully encrypt some of their data (reported by security-software firm Sophos).
Law enforcement officials and cybersecurity experts still strongly urge companies to refuse payment to cybersecurity actors but understand that many companies are put in an impossible position when they are victims of a “pay or get breached” scheme. The “pay or get breached” scheme can often also include cold calling to victims and threats to employees’ safety.
If you believe your business is the victim of a ransomware attack, contact your IT security team and law enforcement officials ASAP before giving in to ransom demands. If we can support your business in any way, contact PK Tech here.