Akamai Warns of ‘Quadruple Extortion’ Ransomware in 2025
Jeriel Isaiah Layantara
CEO & Founder of Round Bytes
Hello readers! We are excited to bring you a huge announcement in the world of cybersecurity. Akamai Technologies, one of the leaders in cloud computing and security, has released a new report about how ransomware attacks are becoming much more sophisticated and dangerous. The report drew from the company's research, which revealed that ransomware attackers have already begun to use an alarming 'quadruple extortion' tactic that is more complex and more than we have seen before.
Ransomware Attacks
For a long while, a ransomware attack was one discrete event: a threat actor would encrypt an organization’s data and ask for a ransom to release it. Then, organizations improved their data backup processes and threat actors changed their tactics to double extortion meaning not only would they encrypt the data, but they would also steal it and threaten to release it if the ransom wasn't paid.
The new report, "Ransomware Report 2025: Building Resilience in a Volatile Threat Landscape" explains that threat actors are not stopping at double extortion. They are now using a quadruple extortion tactic which applies two layers to the attack.
- Distributed Denial-of-Service (DDoS) Attacks: The attackers DDoS the company to overwhelm its network with traffic and stop all daily business operations.
- Third-Party Harassment: In conjunction with the ransom, they also reach out to the company’s customers, partners, and media to maximize pressure on the victim publicly.
These tactics are turning a cyberattack into a business crisis. According to Steve Winterfeld, Advisory CISO at Akamai, "Ransomware threats are not just about encryption anymore. The adversaries will not only use stolen data, they will expose it publicly, and force service outages to put pressure on their victim. Through such methods, they will make a cyberattack into a business crisis, forcing companies to rethink how they prepare and respond."
Key Takeaways from the Akamai Report
The Akamai SOTI report presents additional relevant trends that continue to reshape the cybersecurity landscape:
AI Will Increase Attacks
The report mentions that with the development of generative AI (GenAI) and LLMs (large language models), individuals with little-to-no technical expertise can still launch advanced ransomware attacks. They simply leverage these tools for writing ransomware code, enhancing social engineering campaigns, and other related functions.
Hybrid Groups Will Increase
The report discusses an increasing trend of hybrid hacktivist and ransomware groups that includes motivation rooted in politically, ideologically, or financially, or security advancing motivations. Depending on which hybrid group is involved, the latter groups (those with a rooted motivation) use Ransomware as a Service (RaaS) platforms to enhance their impact. The Akamai report mentions a group called Dragon RaaS, which developed from Stormous in 2024 and began targeting smaller organizations with worse security practices.
Cryptomining Threats
Akamai research discussed how cryptomining attacks utilize similar tactics as ransomware groups. Akamai reports that almost half of the analyzed cryptomining attacks targeted nonprofit and educational organizations (NPOs). This indicates that attackers will pick on these industries due to their limitations in resources and comparatively less secure defenses.
The TrickBot Threat
According to the report, the TrickBot malware family is a frequently used tool by ransomware groups and has been highly successful in extorting over US$724 million in cryptocurrency from victims since 2016. The Akamai Guardicore Hunt Team recently found this malware family associated with suspicious task listings across several of its customers' systems.
A Focus on Resilience and Regulations
The Akamai report also contains an examination of the current legal and regulatory environment. James A. Casey, Vice President and Chief Privacy Officer at Akamai, points out that there are existing cybersecurity laws that apply to ransomware, while specific laws begin to focus on discouraging ransomware payments. Casey emphasizes that strong cybersecurity, the reporting of incidents, and effective risk management are paramount.
To increase resilience against these emerging threats, the report stresses methods such as Zero Trust and microsegmentation. Zero Trust is a "never trust, always verify" model and microsegmentation is a way to separate network segments to constrain an attackers access during an attack. Today, incorporating Zero Trust and microsegmentation will make it more difficult for attackers to maneuver through a company network to escalate extortion.
The report is a valuable asset for organizations. It provides a detailed analysis of how cybercriminals continue to change their tactics, and gives practical suggestions on how to strengthen defenses against a volatile and complex threat landscape.
