Digital Forensics Dispatch

Antivirus Company Warns About “Double-Encryption” With Ransomware

May 18, 2021

According to a WIRED article, an emerging threat in the cybersecurity field is gaining traction. Antivirus company Emsisost is warning customers that they have noticed multiple incidents where the attacker intentionally “layers two types of ransomware on top of each other” which acts as a double-encryption technique. Meaning, once a victim pays a ransom and receives a decryption key, their data may still be unavailable.

Brett Callow, a threat analyst an Emsisosft, says that it’s possible that victims will get notice of the double encryption before the ransom is paid. In other instances, victims will only learn about the double-encryption after they’ve paid to restore their systems from the first layer. Callow says, “we are seeing this double-encryption tactic often enough that we feel it’s something organizations should be aware of when considering their response.”

How do you decide whether to pay a ransom or not? Well, that’s a popular discussion in the cybersecurity world. There is no guarantee that your data will ever be returned after successful payment. In a Forbes article from this year, it was discovered that only 8% of organizations that paid the ransom after an attack got all their data back.

This new and emerging threat of double-encryption in ransomware attacks places a huge importance on ensuring regular backups are occurring in order to mitigate the severity of any future attacks.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics