Ransomware's Dangerous New Trick Is Double-Encrypting Your Data



Ransomware groups have always taken a more-is-more approach. If a victim pays a ransom and then goes back to business as usual—hit them again. Or don’t just encrypt a target’s systems; steal their data first, so you can threaten to leak it if they don’t pay up. The latest escalation? Ransomware hackers who encrypt a victim’s data twice at the same time.

Double encryption attacks have happened before, usually stemming from two separate ransomware gangs compromising the same victim at the same time. But antivirus company Emsisoft says it is aware of dozens of incidents in which the same actor or group intentionally layers two types of ransomware on top of each other.

“The groups are constantly trying to work out which strategies are best, which net them the most money for the least amount of effort,” says Emsisoft threat analyst Brett Callow. “So in this approach you have a single actor deploying two types of ransomware. The victim decrypts their data and discovers it’s not actually decrypted at all.”


Some victims get two ransom notes at once, Callow says, meaning that the hackers want their victims to know about the double-encryption attack. In other cases, though, victims only see one ransom note and only find out about the second layer of encryption after they’ve paid to eliminate the first.

“Even in a standard single encryption ransomware case, recovery is often an absolute nightmare,” Callow says. “But we are seeing this double encryption tactic often enough that we feel it’s something organizations should be aware of when considering their response.”

Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a “side-by-side encryption” attack, in which attackers encrypt some of an organization’s systems with ransomware A and others with ransomware B. In that case, data is only encrypted once, but a victim would need both decryption keys to unlock everything. The researchers also note that in this side-by-side scenario, attackers take steps to make the two distinct strains of ransomware look as similar as possible, so it’s more difficult for incident responders to sort out what’s going on.
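For responders trying to tell the two tactics apart, here is an added example (not from the article or from Emsisoft) that reads a file inventory and reports which keys are needed and the order in which layers have to be removed. It assumes each strain appends its own file suffix; the suffixes, hosts and paths are constructed placeholders.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Assumption: each strain appends its own suffix. Both markers are constructed.
STRAIN_BY_SUFFIX = {".strain_a": "A", ".strain_b": "B"}

# Constructed triage inventory of (host, file path) pairs.
INVENTORY = [
    ("fs01", "/srv/share/q1.xlsx.strain_a.strain_b"),   # A, then B on top
    ("fs01", "/srv/share/plan.docx.strain_a.strain_b"),
    ("db01", "/var/lib/db/orders.ibd.strain_a"),        # A only
    ("hr02", "/home/hr/payroll.csv.strain_b"),          # B only
    ("web01", "/var/www/index.html"),                   # untouched
]

def layers(path):
    """Return the strains applied to a file, in the order they encrypted it."""
    outer_first = []
    for suffix in reversed(PurePosixPath(path).suffixes):
        strain = STRAIN_BY_SUFFIX.get(suffix)
        if strain is None:
            break  # reached the file's original extension
        outer_first.append(strain)
    return outer_first[::-1]

def triage(inventory):
    """Summarise which keys are needed and in what order, per host."""
    stacks = defaultdict(set)
    for host, path in inventory:
        stack = tuple(layers(path))
        if stack:
            stacks[host].add(stack)
    # Strains seen alone on a file; more than one means side-by-side encryption.
    single = {s[0] for h in stacks for s in stacks[h] if len(s) == 1}
    return {
        "keys_needed": sorted({x for h in stacks for s in stacks[h] for x in s}),
        "layered_hosts": sorted(h for h in stacks if any(len(s) > 1 for s in stacks[h])),
        "side_by_side": len(single) > 1,
        # Decryption peels the outer layer first: reverse of encryption order.
        "decrypt_order": {h: sorted(s[::-1] for s in stacks[h]) for h in stacks},
    }

if __name__ == "__main__":
    for key, value in triage(INVENTORY).items():
        print(key, value)
```

Because the two strains may be made to look alike, as described above, suffix matching is only a first pass.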


Ransomware gangs often operate on a revenue-share model, where one group builds and maintains a strain of ransomware and then rents their attack infrastructure to “affiliates” who carry out specific attacks. Callow says that double encryption fits into this model by allowing clients who want to launch attacks to negotiate splits with two gangs that can each provide a distinct strain of malware.

The question of whether to pay digital ransoms is a thorny and important one. And ransomware victims who choose to pay already need to be wary of the possibility that attackers won’t actually supply a decryption key. But the rise of double encryption as a strategy raises the additional risk that a victim could pay, decrypt their files once, and then discover that they need to pay again for the second key. As a result, the threat of double encryption makes the ability to restore from backups more crucial than ever.

“Remediating from backups is a long complex process, but double encryption doesn’t complicate it further,” Callow says. “If you decide to rebuild from backups you’re starting fresh, so it doesn’t matter how many times the old data has been encrypted.”


For ransomware victims who don’t have adequate backups in the first place or don’t want to take the time to reconstruct their systems from scratch, double encryption attacks pose an additional threat. If fear of double encryption attacks makes victims less likely to pay across the board, though, attackers could back off of the new strategy.
