Double and Triple Extortion

The report explains the rise of double and triple extortion ransomware—where attackers exfiltrate data before encryption and add additional coercion such as contacting victims or launching DDoS—to pressure organizations into paying ransoms, illustrated by a large UK pathology provider breach exposing millions of patient interactions; it details consequences (PII exposure, regulatory fines, downstream attacks) and prescribes mitigations including tested backups, strong identity and access controls (MFA), vulnerability management, and 24×7 monitoring and response.