Ransomware: Double, Triple, Quadruple Extortion Defined

Originally, ransomware involved encrypting an organization’s data and demanding payment to provide the decryption key. This is referred to as single extortion, because it involves a single extortion technique. Over the years, ransomware operators have added extortion techniques, so modern ransomware operations are often multi-tiered. These are referred to as double, triple, or quadruple extortion.

Photo by Michael Geiger on Unsplash

Single Extortion

Ransomware operators encrypt data, demand payment to provide the decryption key.

Double Extortion

Ransomware operators exfiltrate data, and demand payment from the victim to not release the data.

Ransomware operators encrypt data, and demand payment to provide the decryption key.

Triple Extortion

Ransomware operators exfiltrate data, and demand payment from the victim to not release the data.

Ransomware operators encrypt data, and demand payment to provide the decryption key.

Some say the third level of extortion is when ransomware operators contact people who would be affected by the release of the stolen data, and demand payment to not release the data. Other say it’s when ransomware operators launch DDoS attacks against the victim, and demand payment to stop.

Quadruple Extortion & Beyond

There are several other forms of extortion that ransomware operators have been using. Basically, they add techniques to increase the amount or speed of payment, or to extort other victims.

Ransomware operators threaten greater consequences if the victim involves law enforcement, data recovery experts, or professional negotiators.

Ransomware operators steal credentials from victim’s employees and customers, to sell or use.

Ransomware operators install cryptomining software on victim’s network.

Ransomware operators send phishing emails from the victim’s network, to compromise additional organizations.

Additional Resources

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Chad Warner

Seeking a cyber threat intelligence (CTI) or OSINT job. I'm a CTI, OSINT, & cybersecurity enthusiast; bookworm; and fan of Tolkien & LEGO.