Ransomware: Double, Triple, Quadruple Extortion Defined
Originally, ransomware involved encrypting an organization’s data and demanding payment to provide the decryption key. This is referred to as single extortion, because it involves a single extortion technique. Over the years, ransomware operators have added extortion techniques, so modern ransomware operations are often multi-tiered. These are referred to as double, triple, or quadruple extortion.
Single Extortion
Ransomware operators encrypt data and demand payment to provide the decryption key.
Double Extortion
Ransomware operators exfiltrate data and demand payment from the victim to not release the data.
Ransomware operators encrypt data and demand payment to provide the decryption key.
Triple Extortion
Ransomware operators exfiltrate data and demand payment from the victim to not release the data.
Ransomware operators encrypt data and demand payment to provide the decryption key.
Some say the third level of extortion is when ransomware operators contact people who would be affected by the release of the stolen data and demand payment to not release the data. Others say it’s when ransomware operators launch DDoS attacks against the victim and demand payment to stop.
Quadruple Extortion & Beyond
There are several other forms of extortion that ransomware operators have been using. Basically, they add techniques to increase the amount or speed of payment, or to extort other victims.
Ransomware operators threaten greater consequences if the victim involves law enforcement, data recovery experts, or professional negotiators.
Ransomware operators steal credentials from the victim’s employees and customers, to sell or use.
Ransomware operators install cryptomining software on the victim’s network.
Ransomware operators send phishing emails from the victim’s network, to compromise additional organizations.