LOGBOOK

HELP

Quiz Entry - updated: 2026.06.24

What is a "double extortion" ransomware attack?

Attackers both encrypt your data AND steal a copy — then threaten to leak it if you don't pay, even if you can restore from backup.

Classic ransomware only encrypts (attacks availability). Double extortion adds a second lever:

  1. Exfiltrate a copy of the data before encrypting (attacks confidentiality)
  2. Encrypt the victim's files (attacks availability)
  3. Demand payment for the decryption key and to not publish the stolen data

Why it defeats "just restore from backup": even with perfect backups, you can recover availability — but the leak threat remains. The stolen copy is already gone. This is why backups, while essential, are no longer a complete answer.

Real families: Conti, LockBit, and others pioneered the leak-site model — a Conti ransom note, for example, both demands payment for decryption and threatens to publish the downloaded files.

Tip: Double extortion is precisely why encryption at rest + data minimisation still matter even if your backups are flawless — they limit the damage of the exfiltration half.

From Quiz: ISF / Foundations, Key Terms & Ransomware | Updated: Jun 24, 2026