
Multi-Extortion Ransomware - Understanding Its Evolution


Basically, multi-extortion ransomware steals data and threatens to leak it unless a ransom is paid.

Quick Summary

Multi-extortion ransomware is on the rise, pressuring victims with data leaks. Healthcare and finance sectors are particularly affected. Organizations must adapt their defenses to protect sensitive data effectively.

What Happened

In February 2026, the University of Mississippi Medical Center (UMMC) suffered a significant ransomware attack. This incident took down the Epic electronic health record system across 35 clinics and over 200 telehealth sites. As a result, numerous chemotherapy appointments were canceled, and non-emergency surgeries were postponed. Medical staff had to revert to paper-based workflows, impacting patient care severely.

UMMC's case is not unique. Recent data indicates that 93% of U.S. healthcare organizations experienced at least one cyberattack in 2025. Alarmingly, 72% of these incidents disrupted patient care directly. Other sectors, like manufacturing and finance, are also vulnerable. For instance, in February 2026, payment processing network BridgePay was attacked, rendering its APIs and payment pages inoperable. Publicly disclosed ransomware attacks surged by 49% year-over-year in 2025, totaling 1,174 confirmed incidents.

The Evolution of Ransomware

Early ransomware attacks followed a simple model: infiltrate a system, encrypt files, and demand payment for the decryption key. However, as organizations began restoring data from backups instead of paying ransoms, attackers adapted. They developed double extortion tactics, where they exfiltrate sensitive files before encrypting the system. Victims are thus pressured to pay to avoid public exposure of their data.

This model has evolved further into triple extortion attacks, where attackers contact victims' customers or partners, applying additional pressure. As of 2025, 124 active ransomware groups were identified, with 73 newly emerged. The rise of AI tools has made these capabilities more accessible, lowering the barrier to entry into cybercrime.

A Defense Architecture for Multi-Extortion Threats

The rise of multi-extortion ransomware necessitates a shift in traditional defense strategies. Perimeter-based prevention is no longer enough. Organizations must adopt a security posture that protects data from being weaponized after a breach. This includes rendering exfiltrated data unreadable, preventing ransomware from accessing files, and enabling rapid recovery.

D.AMO: Blocking Every Stage of a Ransomware Attack

Penta Security's D.AMO platform is designed to address all phases of a multi-extortion ransomware attack. It combines encryption, access control, and backup recovery across both on-premises and cloud environments. Here are some key features:

  • Folder-Level File Encryption: D.AMO KE encrypts files within designated folders at the OS level, ensuring that even if attackers exfiltrate data, it remains unreadable.
  • Access Control: Strict access controls prevent unauthorized applications from accessing encrypted folders, blocking ransomware effectively.
  • Backup and Recovery: In the event of a successful attack, D.AMO allows organizations to restore operations quickly, reducing reliance on ransom negotiations.

As multi-extortion tactics become commonplace, neutralizing the data attackers seek to exploit is crucial. D.AMO addresses each stage of a ransomware attack, providing a unified defense against evolving threats.

🔒 Pro insight: The shift to multi-extortion tactics highlights the need for integrated security solutions that protect data integrity and ensure rapid recovery post-attack.

Original article from BleepingComputer · Sponsored by Penta Security
