What Are Triple Extortion Ransomware Attacks?

A recent Unit42 report shows ransomware attacks increased by 518% in 2021 compared to 2020. Knowbe4 reports that 83% of attacks that succeeded featured Double and Triple Extortion breaches. Triple extortion is an advanced version of the double extortion attack. Cybercriminals threaten to leak sensitive company data if they are not paid a ransom.

What Are Triple Extortion Ransomware Attacks?

They threaten not only the target organization but also the people or organizations that might be affected by the disclosure of the data. If the target organization fails to cooperate, the cybercriminals may launch other forms of attacks, such as distributed denial-of-service attacks.

What Are Triple Extortion Ransomware Attacks

Statista reports 236.1 million ransomware attacks globally in the first half of 2022. The attacks take billions of dollars from organizations around the world. The importance of preventing ransomware attacks by organizations is growing more than ever.

Although it started a few years ago, triple extortion ransomware attacks are considered one of the newest trends in cybercrime. The attack is orchestrated by experienced cybercriminals, and many organizations are far from getting their solutions. Malicious actors try to make their attacks more complex to extend the attack impact and demand more financial incentives.

This is what led to the evolution of the triple extortion ransomware strategy. It is one of the top emerging threats in cybersecurity. Cybercriminals target an organization and gain access to its sensitive data using high-tech programs. After a successful breach, they threaten the target that they will leak its sensitive data unless they are paid a hefty ransom. The criminals do not stop there. They start calling or sending emails to the organization’s clients. They let them know they have access to their sensitive data and will leak it if the client fails to pay a ransom.

Since it targets both the organization and its clients, triple extortion attacks are considered complicated. The first kind of such an attack was recorded in October 2020 and targeted a healthcare organization and its clients, including health insurance companies associated with the healthcare institution. This new trend of ransomware attacks may also target the business associates such as partners, media, and other stakeholders.

Features of Triple Extortion Ransomware attacks

Triple Extortion Ransomware attacks feature four layers that are used to force organizations to pay a ransom.

  • They do data encryption to make it illegible or unavailable
  • They threaten to leak an organization’s sensitive data if they are not paid a ransom
  • They add pressure to an organization through extra tactics such as distributed denial-of-service (DDoS) and denial-of-service (DoS), where they shut down machines or networks so that users can no longer access them.
  • They steal data and then threaten an organization that they will sell it or expose it to the public. The organization feels pressured and may consider paying the ransom.

All these strategies are meant to increase pressure and play with the psychology of the target to raise the probability of them agreeing to pay. Organizations need to train their employees on cybersecurity consistently. It will help them move from workers without cybersecurity knowledge to intelligent digital workers who can handle most data breach scenarios.

Who is at risk?

Cybercriminals are constantly changing attack tactics to make them more complicated and intricate. It makes it harder for organizations to detect possible threats until they happen. Triple extortion ransomware attacks increase the level of threats and losses.

A Verizon Data Breach and Investigation report 2022 shows ransomware attacks continue to record an upward trend at a 13% year-to-year increase since 2017. In the past five years, 25% of the total breaches recorded featured ransomware. No organization is safe from the complexities of triple extortion attacks. The attack trends show cybercriminals pay closer attention to organizations such as:

  • Healthcare providers, including health insurance companies
  • Government institutions such as immigration, defense, and the CIA
  • Financial institutions such as banks, mortgage companies, credit unions, and lenders
  • Major retail chains
  • Software developers
  • Social media organizations

Cybercriminals aim to extort money, and they will target any type of organization as long as they can get paid. In the first triple extortion scenario in 2020, the cybercriminals demanded a $2.3 million ransom. They encrypted and stole the organization’s data. They also started calling and writing to patients treated at healthcare institutions and threatened to sell or publish their data in the public domain.

In 2021, sensitive data belonging to the D.C. police were leaked to the public after the department refused to pay a $4 million ransom to attackers. The data included intelligence information, witness names, and sensitive employee data. Every organization that stores sensitive data is a key triple extortion ransomware attack target and should take every precaution to prevent it. Attackers first study the target’s cybersecurity preparedness and loopholes before they unleash attacks.

What is the solution?

Organizations are not entirely vulnerable when it comes to triple extortion ransomware attacks. Organizations should keep evolving in their cyberattack prevention strategies as cybercriminals evolve in their tactics. Most organizations already have strong data security measures in place and only need to strengthen them to keep them safe from new attack trends. Some of the solutions available are as follows:

  • Keep secure backups: Secure backups mean maintaining an offline backup by having a copy that is not connected to the organization’s network. The organization should have a cloud-based and disk-based backup too.
  • Keep security tools up to date: Keeping all security tools up to date helps detect security breaches in real time. Some of the tools send warnings if there is a breach attempt for quick action.
  • Use encryption strategy: Encryption ensures cybercriminals are not able to read breached data. It makes it harder for them to leak it because the public cannot read it.
  • Use anti-ransomware solutions: Ransomware accounts for the largest portion of cyberattacks globally. Use anti-ransomware solutions and educate employees about keeping their gadgets and the network system safe.


Ransomware attackers are a major cybersecurity threat to organizations. Total attacks in 2021 increased by 518% compared to 2020. Triple extortion ransomware attacks are a new threat in the cybersecurity field. Cybercriminals target an organization, including its clients, associates, and other stakeholders. They threaten to leak their data unless they are paid a ransom. Preventive measures include educating employees, use of backups, and keeping online security tools updated.