Ransomware<\/a> is a type of malicious software designed to block access to a computer system or data until a sum of money (ransom) is paid. It typically encrypts the victim’s files, making them inaccessible, and demands payment to provide the decryption key. The ransom demands can range from hundreds to thousands of dollars, often paid in cryptocurrencies like Bitcoin to maintain anonymity.<\/p>\n\n\n\n Double extortion is a technique where attackers not only encrypt the victim’s data but also exfiltrate (steal) it. They threaten to leak the stolen data publicly if the ransom is not paid, adding an additional layer of pressure on the victim to comply. <\/p>\n\n\n\n This technique increases the likelihood of payment, as victims face both data loss and potential reputational damage or legal consequences from data breaches.<\/p>\n\n\n\n The chance of your company to become a potential target of ransomware depends on several factors:<\/p>\n\n\n\n Most criminals use ready-made ransomware-as-a-service builders to create and configure their malware. These builders allow them to specify various parameters of the ransomware, such as the ransom message, amount, and Bitcoin address for payment.<\/p>\n\n\n\n Consider the Chaos ransomware, which provides a builder that allows the operator to set up their custom variant of the malware by clicking a few buttons.<\/p>\n\n\n\n View analysis of the Chaos builder<\/a><\/p>\n\n\n To safely examine the Chaos builder and its executable, we need to upload it to a cloud sandbox like ANY.RUN<\/a>.<\/p>\n\n\n\n\nWhat is double extortion ransomware<\/strong><\/h2>\n\n\n\n
Why your company may become a target of ransomware<\/strong><\/h2>\n\n\n\n
\n
How criminals prepare and deliver ransomware <\/strong><\/h2>\n\n\n\n
Setup process<\/strong><\/h3>\n\n\n\n
![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/01\/image8-2-1024x578.png\")