Threat actors are finding new ways to do business, resulting in double- and even triple-extortion.

Extortion techniques are evolving. Today, multiple threat actors can be involved in an attack. Even with proof of deletion, your data may still be out there in other threat actors’ hands, exposing your organization to legal and reputational risks.

Extortion incidents no longer just involve encrypted files. Now threat actors are also threatening to expose the fact that your data was stolen and are looking for payment to prevent this.

Double extortion occurs when the threat actor both encrypts and exports (or exfiltrates) data from the victim’s network. The threat actor demands a ransom both for a key to decrypt data on the network and for a promise that they will delete the stolen data. The data may then find its way onto the dark web for others to leverage.

  • Even if the original threat actor has been paid for data destruction, it is almost impossible to ensure that the information is not accidentally or intentionally shared with other threat actors.
  • This now happens in the majority of extortion incidents, including 2 out of every 3 of the incidents Beazley’s Cyber Services team saw in Q1 of 2022.

Triple extortion occurs when the threat actor encrypts data, threatens to publish exfiltrated data online, and also applies further pressure to the victim.

  • The attacker may threaten denial of service attacks against the victim’s remaining infrastructure.
  • Threat actors may also review exfiltrated data and threaten to contact any individuals whose details are contained within if the targeted organization doesn’t pay.