Ransomware attackers are not just encrypting data anymore. They’re exfiltrating sensitive information and threatening to leak it unless the ransom is paid. Modern ransomware attacks focus on encrypting victims’ data and demanding payment for the decryption key, often combined with double or triple extortion tactics—such as data theft and threats of public exposure—to maximize pressure on victims. These multi-layered extortion methods have become a common and effective strategy in the execution of ransomware campaigns.
Double Extortion Tactics
Double extortion is a process that engages a two-pronged approach to carry out the ransomware attack. The first step in a ransomware attack typically involves encrypting the victim’s data, following traditional methods to block access and demand a ransom in exchange for the decryption key. This renders critical files inaccessible, disrupting operations and forcing victims into a difficult decision.