What is a Triple Extortion Attack?
A triple extortion attack is, in essence, a multi-layered ransomware attack. As in a traditional attack, bad actors still deploy ransomware to encrypt files and demand a ransom for the key. In addition, they exfiltrate (steal) sensitive data before the encryption and threaten victims with its release if they don’t pay. The third layer threatens a DDoS (distributed denial of service) attack or other forms of harassment, again to force payment.
How to Recognize This Threat: The first triple extortion attack was documented in fall 2020, and multiple ransomware cells have taken up the technique since. There is no specific signifier of such an attack. Once an organization is a victim of ransomware, attackers will reach out with their demands. If those demands include the additional layers of threats, triple extortion is involved.
How to Prevent This Threat: To protect against ransomware, organizations should employ a layered security approach. Train employees to spot email and web-based threats, and require multifactor authentication for access. Deploy a firewall with a full suite of continuously updating security services. Ensure all organizational endpoints have additional protection. And back up files regularly to prevent encryption from stopping business in its tracks.