What is Double-Extortion Hacking?
First Major 2022 Hack Targets Infrastructure Consultant!
Reports have surfaced in the past couple of days regarding what is perhaps 2022’s first major cyberattack, and this one has the dangerous potential to spawn similar copycat hacks.
Thales, the French company specializing in aerospace, defense, and security, was hit by the notorious Lockbit ransomware gang, creators of the Lockbit 2.0 ransomware strain. Many details regarding the attack are yet to be known, but it can be surmised that the attack has led to the encryption of vital data, in addition to the threat of the public release of proprietary industry secrets. The information is set to be released on January 17th if ransom demands are not met.
The gang had previously attacked the Accenture technology consulting group that specializes in infrastructure, artificial intelligence, security, and technology consulting. The August 2021 attack saw the hackers also threaten to publicly display information in a trend that is gaining steam as hackers increasingly target high-level technology and defense firms that possess industry secrets or original intellectual property potentially worth billions of dollars.
What is Double-Extortion Hacking?
Double-Extortion ransomware gangs threaten to release information stolen from victims as a means to compel payment.
In addition to the simple locking of files that can be easily overcome by maintaining backups of critical data, in double-extortion hacks, the criminals will post documents publicly from victims that refuse to pay.
The ransomware gangs behind the attacks operate what are known as “leak sites,” where the information is accessible to anyone. Should the victims pay within the pre established time frame, the information is kept private, and the hackers provide the victim with a decryption key required to restore their network.
*According to cybersecurity researchers at ZeroFox, there were over two dozen new dark web leak sites associated with ransomware attacks created from March of 2020 to May of 2021.
According to the website www.lemondeinformatique.fr, Thales responded to the attack on January 3rd with this message: “We are aware of an alleged attack by the 'Lockbit ransomware' targeting data that would belong to the Thales group. Despite the fact that we have not received any direct ransom notification, we take this still unfounded allegation - and whatever its source - seriously.
A dedicated team of security experts is currently investigating the situation. At this point, there is no factual evidence of this attack, however we continue to conduct investigations, with the security of our data a priority."
The attack on Thales is particularly scary as recent reports indicate a rise in attacks against military, technology, and infrastructure targets. These kinds of hacking attacks, particularly those that utilize double-extortion tactics, can be easily leveraged by governments to gain a militaristic edge, and will continue to be a heavily utilized weapon in the ongoing global cyberwar currently underway.
Julio is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. Julio’s writing focuses on cybersecurity and politics. Websites including Newsmax, Townhall, American Thinker and BizPacReview have published Julio’s work.