Double Extortion Ransomware


Double extortion does not necessarily involve multiple extortions, but rather the cybercriminals use several means of pressure for their extortion.

In most cases of ransomware attacks, there is usually one means of pressure: the data of a computer, network or system is encrypted. A ransom is demanded for decryption.

With double extortion ransomware, the cybercriminals add further means of pressure to make the ransom payment as unavoidable as possible for the extorted company.

What exactly does Double Extortion mean?

With Double Extortion Ransomware, cybercriminals can put pressure on their victims by using various means:

  • Sensitive data such as personal information or company secrets. The cybercriminals copy this data before encrypting the system. If the ransom is not paid, they then threaten to publish this data or auction it on the darknet.
  • DDoS attacks, with which cyber criminals render the website of the blackmailed company unusable.
  • Violations of the company against regulations, e.g. against the GDPR, detected by the cyber criminals. Then the ransom demands are often lower than the expected fine.

Where do I face Double Extortion Ransomware in everyday life?

Whether Ransomware or Double Extortion Ransomware – cyber criminals often try to place the malware through phishing emails. So if you detect such an email, it may be that you have just fended off a Double Extortion Ransomware attack.

But you can also be affected by Double Extortion Ransomware without your intervention. For example, the major cyberattack on Mediamarktsaturn in 2021 was carried out by cybercriminals known for Double Extortion Ransomware. In such cases, it can happen that data of customers of the affected company is published. However, to our knowledge, this was not the case after the aforementioned cyberattack.

What can I do to improve my safety?

Cybercriminals use different attack methods for double extortion ransomware. These include phishing emails, brute force attacks on remote access to the corporate network as well as access data bought on the darknet to already compromised networks. Many, but not all, of these attacks can be prevented.

Therefore, we recommend a two-track protection strategy: on the one hand, preventing successful attacks (prevention) and, on the other hand, limiting the damage caused by successful attacks (reaction).

Related articles

  • Darknet

    This anonymous area on the internet is not openly visible and can not be accessed via a search engine. It can only be reached with the help of a special network, the so-called Tor network. Anyone interested can use the network with the appropriate extension for their Internet browser.

    mehr lesen
  • Credential Stuffing

    Credential stuffing is the automated use of exposed username/password combinations to gain access to user accounts and, if necessary, to take them over completely.

    mehr lesen

Are you curious?

Test us for 30 days free of charge and without obligation.

We empower your employees to actively contribute to your company’s cybersecurity.

See for yourself how easily and quickly Perseus can be integrated into your corporate structure.

Test now for free

Do you have any questions about our services?

Do not hesitate to call: + 49 30 95 999 8080

  • Free trial period
  • Without obligation
  • Video training for cyber security and data protection with exam and certificate
  • Try our phishing simulation
  • IT security check, malware scanner, data security check and more
  • Ends automatically after 30 days