Pattern Drive Private Limited

Double Extortion Ransomware Attacks On Organizations

How Double Extortion Ransomware Attacks Are Taking Toll On Organizations?

Updated on: 16/02/2023

1639 Views | 1 Comments

2020 did not only bring with it the pandemic but also a remote workforce that requires access to confidential data and organizational networks. As a result of which the industry has faced a shift to double extortion ransomware attacks. In this condition ransomware first employs data exfiltration even before the system is encrypted by it. This includes databases, contact lists, accounting spreadsheets, and also other official documents. 

Here is a Double extortion meaning. It is a new approach adopted by the ransom group in 2020. Backups are useless here as the hackers will threaten you to leak all the information that they have acquired. Through the process of double extortion, the cybercriminals want to get their hands on payments. It is considered as a direct response to the increased use of offline and offsite backups. 

Many companies now have identified the threat of double extortion ransomware attacks and have protected themselves from that damage by restoring all their files from offline backups. Offline backups cannot be accessed by ransomware as they are not connected with the network. Through the process of data infiltration, the threat actors can ensure leakage of all your sensitive information. This will lead to Ransome even if the victim has all the data backed up. 

Researchers have found that vendors, partners, and even clients of hard targets become victims of double extortion ransomware attacks. Third-party are targeted because they are soft targets from whom data infiltration becomes easy. Even though the businesses take best security practices and preventions, but third-party susceptibility, clients and business partners can still compromise their security.

How Is Double Extortion Ransomware Attacks Spread?

Below are the parameters based on which double extortion ransomware attacks spread across various organizations. 

Organized crime groups and their victims

The ransomware crime gangs have taken their crime to the next level where they are seen boasting about their crimes on the dark web. There are nine major websites that use victim’s data by auctioning or even publishing: NetWalker, DopplePaymer, CLOP, Pysa Mespinosa, Ragnar Locker, Ravil, Maze, Sekhmet, and Nephilim. To prove their authenticity some have even posted images of the passport, emails, contact of the victims. 

Geographical Distribution

There may be times when the geographical distributions of successful ransom attacks can be random but country size and wealth can also show some results. Some most developed countries in the world are the United States, the UK, and France. While Canada among them has very less population and economy but has long historical records of collaborating with the United States several times. Thus the collaboration of both the economies has formed a cluster of companies on both the sides that communicate with each other regularly and is known to spread the ransomware infection on a regular basis. Similar cases can also be seen in other parts of the world like Europe, Asia, and South America. 

Size Of Business

Organizations targeted by double extortion ransomware attacks varied from electronic manufacturers to textiles to commercial printers to defense contractors. The success of ransomware groups depends on the size of the business. Malicious actors aim to target organizations that have from 20 to 200 employees that account for two-thirds of double extortion ransomware attacks. 

The lowest number of ransomware attacks 2021 were faced by the smallest and largest entities. This is because the firms that had the smallest number of employees could not fill Ransome and the ones with the largest number of employees had robust security systems. 

Backups are no longer effective in breach mitigation

Previously companies used offline backup as an efficient second-line protection that will mitigate ransomware breaches. Initially, it was effective as an offline backup did not require any connection and so it was difficult for ransomware attackers to attack the data. But now the mix of cyber extortion attacks with ransomware has increased the chances of external threats. These ransomware groups have always targeted corporate networks but the organizations that have incorporated the best security measures of the industry can be spared from such breaches. But since these malicious attackers are targeting clients and third parties again these entities have little control over those securities. 

Example Of Double Extortion Ransomware Attacks

Now that you know about ransomware and how it can be harmful to your data, here are some real-life scenarios that will help you to understand how these attacks take place in reality. Have you heard of quadruple extortion? Basically, if the victim does not keep the things strictly among them and the threat actors, the ransomware gangs will just leak or destroy their data. That is quadruple extortion. There are many types of ransomware like Darkside ransomware, maze ransomware, and many more. Now let us have a look at some of the recent ransomware attacks. 

  • NHS: In 2017, the NHS, which is the National Health Service of the UK was brought to a standstill for multiple days because of the WannaCry outbreak, agonizing more than 200,000 computers in more than 150 nations and resulting in the cancellation of numerous appointments and functions and the frantic resettlement of emergency patients from stricken emergency centers. Staff was also forced to change to pen and paper and use their personal mobiles after the attack impacted key systems, that includes telephones.
  • Gremlin unveiled: Even though the strain of ransomware was not assured, an NCSC advisory released the same day as its notice on the Eurofins incident emphasized the risk from Ryuk ransomware: this is often not observed until a period of time after the primary infection that ranges from days to months, which enables the actor time to carry out exploration inside an infected network, determining and targeting important network systems and therefore maximizing the influence of the attack.


Even though there is no sure shot bullet for cyber security there are still measures available that the companies can take to protect their security. Training employees to identify threats, updating software, upgrading the devices can help to prevent double extortion ransomware attacks. But preventing this is not enough as the cyber world is prone to ransomware attacks. You should be well sound about triple extortion ransomware attacks as well. But through the procedures like proper guidance, cybersecurity investigation, and many more these threats can be eliminated to some extent. 




Leave a Comment

By Submitting you agree to our Terms of Service and Privacy Policy.


Simba Mar 05, 2022

Great information and very well written.