Skip to main content

Ransomware Criminals Now Using Triple Extortion Tactics

Cyber extortion tactics are ever evolving and becoming increasingly egregious. Hackers are finding new sophisticated ways to hold data, website, computer systems, or other sensitive information hostage until you meet their demands for payment, which if not satisfied, can result in devastating and costly damage to the business owner. Medical practices continue to be increasingly vulnerable targets. Cyber criminals recognize the value of confidential and protected patient data and are now doubling and even tripling their efforts to take advantage of healthcare organizations. 

Ransomware criminals have used double extortion tactics since late 2019. One widely used approach is to decrypt data stored on local servers, computers, and other devices while another is to threaten to publicly leak stolen data. Both tactics are working. Last year, more than 1,000 companies found that their data was leaked after they refused to pay the requested ransoms.

On-Demand Webinar: Key Strategies for Ensuring a Profitable Independent Practice
During this one-hour program, practice management expert Debra Phairas discusses how various business models and operational enhancements can increase revenue to help your practice remain successful in today’s competitive marketplace.

Criminals are now upping their game to three levels of extortion

What is now becoming the third popular extortion tactic? Targeting individuals whose data has been stolen in the attack. In some instances, these individuals are issued a demand to prevent their personal data from being sold or put in the public domain. This third extortion tactic is particularly popular in the healthcare world where sensitive health information is the subject of the threat.

This triple tactic started in late 2020 and has gained traction in 2021, with the first case affecting the Vastaamo Clinic in Finland in October 2020 when attackers stole medical data and issued ransom demands to the clinic and the patients, threatening to publish patients’ psychotherapy notes if they failed to pay. In another example, the Revil ransomware gang announced, in addition to the double extortion ploy, it would deploy distributed denial-of-service (DDoS)  attacks and phone calls to the victim's business partners and the media.

Ransomware is growing and getting more dangerous. Protect yourself now

Implement these best practices to protect yourself against ransomware and these dangerous extortion scams.

Close all remote dektop ports (RDP) if you're not using them. Otherwise, place all RDP services behind a VPN and protect them using a two-factor authentication method (2FA).

Protect all accounts (including email) and remote access points with 2FA.

Keep all software up-to-date and implement a patch management program.

Train your employees to recognize phishing emails and how to report them to IT.

Implement geo-IP filtering to block web traffic from entire countries.

For cloud backups, use separate, dedicated credentials for access and consider any immutable storage options.

Segment your networks to build internal barriers to prevent ransomware from spreading.

Apply “least privilege” principle to all user accounts.

Backup your data regularly using the 3-2-1 back up rule: Create 3 copies of your data, 2 on different media types, and 1 copy isolated off site.

CAP is committed to helping you protect all aspects of your practice. Members automatically receive $50,000 CyberRisk protection and are eligible and encouraged to purchase additional coverage with limits of $1 million.

Additionally, as part of their automatic CyberRisk policy, members and their staff have free access to numerous online employee cybersecurity training modules.

These courses include:

Introduction to Breaches

Data Security Basics

Social Engineering

HIPAA Training Series (with printable certificate)

Safeguarding Information

Payment Card Industry – Identifying Fraudulent Payment Cards

To access these courses, please visit https://cap.nascybernet.com. First-time users will need to register using your CAP member number as your sign-up code.

As the exposure to cybercrimes continues to increase, CAP Physicians Insurance Agency, Inc. is here and ready to help answer your questions and guide you. Work with one of our insurance professionals for a free consultation and no-obligation quote for higher limits on your CyberRisk policy. You can contact CAP Agency by emailing CAPagency@CAPphysicians.com or calling 800-819-0061.