Double/Triple Extorsion

These are ransomware attacks in which cyber attackers mobilise two or even three pressure channels to obtain payment of the ransom.

Although companies are now aware of the need for cybersecurity in the face of ransomware attacks and are increasingly prepared to deal with them from a technical point of view, this type of attack has the potential to have a major operational and financial impact on the company, as well as on its reputation.

What is extortion?

In a standard ransomware attack, cybercriminals encrypt your data and demand payment in exchange for the decryption key. This type of attack has been around in one form or another for over 30 years. All this time has given the security industry a chance to develop best practices for protecting systems against this type of attack. Cybercriminals have seen their profits plummet as more of these standard ransomware or one-off extortion attacks fail.

What is double extortion?

In double extortion attacks, cybercriminals exfiltrate data before encrypting it. If an organisation appears reluctant to pay the ransom (perhaps because it has a full offsite backup from which to restore its systems), the attacker threatens to publish the stolen data on the dark web, exposing customer information and the organisation.

What is triple extortion?

This relatively new type of attack allows cybercriminals to extend a single attack into multiple payments. As well as encrypting data, stealing it and threatening to release it unless the ransom is paid, they now contact people who are likely to be affected by the release of the data and ask them to pay at the risk of their information being exposed.

In other words, it’s no longer enough to have full backups of your system data stored off-site. With the rise of double and triple extortion, the risk of reputational damage has proven to be an effective tool for cybercriminals to extract payment.