Extortion techniques are evolving. Today, multiple threat actors can be involved in an attack. Even with proof of deletion, your data may still be out there in other threat actors’ hands, exposing your organization to legal and reputational risks.
Extortion incidents no longer just involve encrypted files. Now threat actors are also threatening to expose the fact that your data was stolen and are looking for payment to prevent this.
Double extortion occurs when the threat actor both encrypts and exports (or exfiltrates) data from the victim’s network. The threat actor demands a ransom both for a key to decrypt data on the network and for a promise they will delete stolen data. The data may then find its way into the dark web for others to leverage.
Triple extortion occurs when the threat actor encrypts and also threatens to publish exfiltrated data online AND engages in further pressuring of the victim.
Data deletion is not guaranteed when you are dealing with multiple threat actors. Where once just one threat actor was involved, now there’s a whole supply chain of different entities coordinating for a single attack, in which everyone gets a cut.Devon DeFreitasClient Experience Manager - Cyber Services