
Ransomware vs. Extortionware: What’s the Real Threat?

  • gracelimlengco
  • 15 hours ago
  • 2 min read

Author: Josh Kither



In today’s cybersecurity landscape, few threats are as disruptive as ransomware and extortionware. While both tactics are used by cybercriminals to pressure organisations into paying hefty ransoms, their methods and impacts differ in ways that are increasingly important to understand.


The Core Difference

Ransomware is the more traditional form of attack: threat actors encrypt critical business data and demand payment for its release. Operations grind to a halt, and the urgency to recover systems often drives decision-making.


Extortionware, however, ups the ante. Instead of, and sometimes in addition to, encrypting files, attackers exfiltrate sensitive data and threaten to publish or sell it unless paid. Even if systems remain operational, the reputational and regulatory fallout from leaked customer, financial, or intellectual property data can be devastating. This shift marks a move from operational disruption to psychological and reputational warfare.


To Pay or Not to Pay?

One of the most common questions we hear during incident response engagements is: Should we pay the ransom?


When backups are encrypted or sensitive data has been stolen, especially under threat of public exposure, the pressure to pay intensifies. Businesses often feel cornered, desperate to restore operations and avoid reputational damage. But paying doesn’t guarantee safety. Many victims have paid, only to find their data leaked or sold anyway.


Over the past 12 to 18 months, we’ve seen a clear shift in attitudes. The fear of public victim shaming and brand damage has led some organisations to dismiss our advice to seek legal counsel, then pay ransoms even when their systems remain functional or they can fully restore from backups. This evolving mindset raises serious questions about transparency, ethics, and long-term risk.


Questions Worth Asking

This trend prompts a deeper reflection:


  • Would you trust a criminal to keep your data and your clients’ data private after payment?

  • What are your legal obligations for reporting the incident and the ransom/extortion payment, and do you have legal counsel to support you?

  • Will fear of reputational fallout lead to a rise in quiet payments and under-reported breaches?

  • How will this affect the accuracy of next year’s cyber incident statistics?

  • Is protecting end users’ personal information still a priority, or has it become an afterthought?

  • Could the normalisation of discreet payments embolden attackers to target bigger and third-party providers?


Data Ownership Doesn’t Equal Control

As more businesses adopt Software as a Service (SaaS) platforms, the risk landscape shifts. SaaS offers scalability and convenience but also introduces shared risk. If a SaaS provider suffers a large-scale breach, the exfiltrated data may originate from their systems, yet the reputational and operational impact is felt by the businesses relying on them.


Key Takeaways

  • Do you know your reporting obligations in the event of a data breach?

  • What types of data do you store and how sensitive are they?

  • Do you know where your data is stored and what security surrounds it?

  • Who has access to your data, from executives to third-party vendors?

  • What tooling do you have in place to detect data exfiltration?

 
 
 