What is Multiple Extortion Ransomware?

Multiple extortion is a trend that is trending especially at the moment. In this article, we explore ransomware combined with extortion.

13-01-2023 - 6 minute read. Posted in: cybercrime.

What is Multiple Extortion Ransomware?

Cyber attacks and cyber criminals' methods are constantly evolving and changing. This means that attacks are becoming more sophisticated at the same time as they are becoming more costly for victims. Multiple extortion ransomware is a relatively new method that, in short, involves ransomware attacks combined with extortion techniques to increase pressure on the victim.

Ransomware is considered one of the biggest cyber threats to businesses and being exposed to multiple extortion ransomware can have devastating consequences. Read on as we go in-depth on what multiple extortion ransomware is and how your organisation can avoid becoming a victim.

The definition of ransomware

Ransomware is a type of malware - a malicious software - that infects a computer, server or network. Ransomware is divided into locker ransomware and crypto-ransomware, the former of which does not encrypt files and data, while crypto-ransomware does.

Once ransomware is installed on one's computer, it encrypts or downloads files and then locks the owner out of the systems. In other words, the data becomes inaccessible to the owner. The victim is then required to pay a ransom, often in cryptocurrency, to the criminals to get their data unlocked again. In this way, ransomware can be seen as a hostage situation, where data, files or entire systems are taken hostage.

Ransomware attacks typically start with phishing, where a victim receives an email with a malicious link or attachment. When this link or file is clicked, malware is downloaded onto the device.

What is a multiple extortion ransomware attack?

In a multiple extortion ransomware attack, the classic ransomware attack is taken to the next level. This means that data, files or systems are locked or encrypted and a ransom demand is made - just like in ransomware.

But multiple extortion ransomware takes it a step further. There are further threats, for example, to publish the stolen data, which will often contain sensitive or confidential information, sell it on the dark web or perhaps delete it if payment is not made by the deadline.

The purpose of multiple extortion ransomware is thus to further pressure the victim into paying the ransom. The method comes in the wake of unsuccessful ransomware attacks where, instead of paying a ransom, victims have been able to restore or unlock data or systems on their own because they had up-to-date backups.

An example of this is the attack on the Danish 7-Eleven chain, which was hit by a ransomware attack in August 2022 that consequently closed all 175 stores nationwide. 7-Eleven managed on its own to get back into full operation after the attack after a few days, without paying a ransom or even engaging with the perpetrators.

For many organisations, leaking confidential or sensitive information will have devastating consequences - which is precisely why multiple extortion ransomware is so effective and dangerous.

Different types of extortion

There are several different techniques and methods of multiple extortion ransomware, as listed below:

  • Leaking or disclosure of data: This method involves cyber criminals threatening to leak or publish data in addition to encrypting or locking files. In this method, the criminal backers exfiltrate the data before locking or encrypting it so that they are able to leak or sell it.

  • DDoS: In this method, the criminals threaten to disrupt the operation of the business as further blackmail if the threat of e.g. leakage or disclosure fails. Here, the attackers carry out a so-called DDoS or denial of service attack, which can cause the server or network to crash.

  • Contact with the victim's customers or other stakeholders: To increase the pressure, the attackers may threaten to contact the organisation's customers or other relevant stakeholders directly. This threat can be effective because contact with customers can have serious consequences for an organisation's reputation.

  • Contact with the victim's competitors: Perpetrators may threaten to sell the stolen data to the organisation's competitors, who may be interested in gaining access to confidential business information.

The list is not exhaustive, and multiple extortion ransomware may thus involve different tactics to increase pressure on a victim. The attackers may use one or more techniques.

How to prevent multiple extortion ransomware

Multiple extortion ransomware attacks are extremely dangerous and costly for victims. Unfortunately, the European Union Agency for Cybersecurity (ENISA) writes in its latest 2022 threat landscape report that ransomware involving extortion is on the rise and that its methods are constantly evolving, becoming more frequent, dangerous and aggressive.

Fortunately, there are precautions that organisations can take to minimise the risk of this happening. We recommend the following:

Use security software

Antivirus software is essential to keep malware off your systems. In line with this, it is important to frequently run a scan on the devices' operating system to avoid viruses. Content filters on the organisation's email servers are also important to have, as they can help prevent phishing emails from finding their way into employees' inboxes.

Remember regular updates

It's important to update systems regularly to keep viruses and malware out. This ensures that you have the latest security updates, making your systems less vulnerable.

Hook backups

It's a good idea to have a backup of all data and files, stored on an offline network or external hard drive. This way you are better off in case of a cyber attack and you don't risk losing everything.

Make sure you have a contingency plan

As an organisation, it is important to have a roadmap of potential cyber security threats and vulnerabilities.

Indeed, being prepared in this way allows you to draw up a contingency plan, which involves a clear plan of how to act in the event of a security breach. This will allow you to deal with and deter any attack effectively and as quickly as possible.

It is also important to test the contingency plan so that all relevant staff are aware of how to act and communicate to others in the event of a cyber attack.

Make sure your employees are aware of the cyber threat

An important tool is to train employees in cybersecurity awareness including how to identify phishing emails. This can be done by receiving simulated phishing emails in your inbox. Indeed, according to ISP Verizon, 82% of all security breaches and incidents are caused by a human element, i.e. personal phishing emails or human error. Similarly, ransomware attacks typically start with phishing.

When receiving emails, it is a good idea to check the email address of the sender as it will often reveal whether it is a legitimate sender or not. Here you should look out for the domain name, i.e. what comes after the "@". In addition, a good trick is to hover over the link without clicking. This will allow you to read the URL and see if it is legitimate or leads to a malicious site.


  • ENISA, "ENISA Threat Landscape 2022."
  • Verizon, "2022 Data Breach Investigations Report."
Author Emilie Hartmann

Emilie Hartmann

Emilie Hartmann is a student and copywriter at Moxso, where she is a language nerd and always on the lookout for new and exciting topics to write about. She is currently doing her Master's in English, where she is primarily working in the fields of Creative Writing and Digital Humanities.

View all posts by Emilie Hartmann

Similar posts