Rubrik, Zscaler Team Up to Fight 'Double Extortion' Ransomware

Zero Trust specialist Rubrik has teamed up with cloud security firm Zscaler for what they claim is the industry's first solution to protect against "double extortion" ransomware.

The Zscaler article "What Is Double Extortion Ransomware?" explains this fairly new technique:

Double extortion ransomware is a type of cyberattack in which threat actors exfiltrate a victim's sensitive data in addition to encrypting it, giving the criminal additional leverage to collect ransom payments. A typical ransomware attack will only encrypt a victim's data. The additional threat of exfiltration makes this attack especially dangerous for organizations in all industries.

As such, it differs slightly from regular ransomware, exhibiting a modified kill chain (the stages of an attack):

  • Initial access: In this phase, the attacker is able to break into a user's or organization's systems by using one of the methods listed above.
  • Network recon and lateral movement: The bad actor surveys the security landscape to see where they may be detected. Once they have free rein across resources, the attacker moves throughout different parts of the network.
  • Data exfiltration (Extortion tactic #1): In the first step of double extortion, data is removed from the device, but not yet held for ransom. To that end, the user is also not yet notified of their data being held hostage.
  • Ransomware deployment (Extortion tactic #2): This stage takes place during all ransomware attacks. The ransomware is deployed and executed, and the data is encrypted.
  • DDoS attack on site or network: At this point, the attack is in full force. The user is notified of the attack on their system, and they're given instructions to pay a ransom in order to get their data back.

Figure: Double Extortion Ransomware (source: Rubrik/Zscaler).

Last year, Zscaler reported an almost 120 percent growth in double extortion ransomware, making it one of the most prevalent trends.

To fight the growing new threat, Rubrik fused its data-at-rest intelligence expertise with Zscaler's data-in-motion security chops, addressing the dual aspects of the encryption/exfiltration approach.

Figure: The Rubrik/Zscaler Solution (source: Rubrik/Zscaler).

"Rubrik is uniquely positioned to partner with Zscaler on defending against double extortion ransomware by addressing both aspects of the dual-pronged attack," the company said in a recent blog post. "Sensitive data insights combined with Zscaler's data loss prevention innovations help mitigate the risk of data exfiltration. Meanwhile, secure backups ensure that data is readily available for fast recovery should production data become encrypted."

The companies said the joint solution, unveiled during the recent RSA Conference 2023 security event, will become generally available in the coming months.

About the Author

David Ramel is an editor and writer for Converge360.

