Double extortion attacks are a type of ransomware attack with higher stakes. In a regular ransomware attack, a hacker will infiltrate a company’s network, encrypt the data and demand a ransom to release it. This causes disruption because it is difficult to continue working whilst systems and data are inaccessible.

Whilst this is particularly dangerous for sectors such as healthcare, where not being able to access certain systems could be the difference between life and death, in general it’s just inconvenient for organisations. There are also ways to reduce disruption, such as regularly backing up files on a separate server. As such, there is less incentive to pay the ransom. In fact, the general advice from law enforcement is that you shouldn’t pay: there is no guarantee that your data will be returned, and paying only encourages further attacks.

How is double extortion different?

Double extortion adds an extra layer to the ransomware threat: hackers not only encrypt the data, but also steal it and save it in a different location. This is usually done before the data is encrypted. If the ransom is not paid, the data can be sold on the black market, which gives companies an extra reason to pay the ransom, because the cost of a data breach is very high.


Some high-profile examples of this type of attack include the one on the Colonial Pipeline, in which hackers stole 100GB of data, and the one on Ireland’s Health Service Executive system, where hackers demanded a $20m ransom for the return of patient data.

What is multi-extortion ransomware?

Some cyber criminals are now going even further to secure a ransom by adding further levels of attack. This is known as triple or multi-extortion ransomware. In addition to stealing and encrypting data, hackers will threaten to launch a distributed denial-of-service (DDoS) attack against the victim’s infrastructure, which could make it inoperable, or even extend the ransom threat to third parties, such as suppliers or customers. In some cases, ransomware gangs have threatened to short sell a company’s stock. The aim is to put as much pressure as possible on the victim company to pay the ransom.

How can multi-extortion attacks be prevented?

There are several ways to reduce the threat of this type of attack. Firstly, it’s important to establish policies governing access to and handling of sensitive information, such as implementing a zero-trust approach to cybersecurity. It’s also crucial to protect your systems and continuously monitor them for malicious activity. Finally, you should maintain secure back-ups of all data to minimise the disruption in case of an attack.