Akamai Technologies warns: 4-step blackmail defines the new face of ransomware

Cybercriminals are refining their methods, moving to more complex, four-phase extortion tactics to maximise the pressure on their victims.

According to the latest ‘Ransomware 2025’ report published by Akamai Technologies, although double blackmail – involving the encryption of data and the threat of making it public – is still the dominant method, a new, more aggressive trend is on the horizon.

The new tactic, referred to as quadruple extortion, expands the attackers’ arsenal to include additional activities. In addition to data theft and encryption, cybercriminals are turning to DDoS (distributed denial of service) attacks to cripple a company’s operations.

Moreover, third parties such as customers, business partners or the media are also harassed to increase psychological pressure. These actions turn a cyber-attack into a widespread business crisis that forces organisations to fundamentally rethink their existing security and incident response strategies.

A significant driver of the evolution and scale of threats is the growing role of generative artificial intelligence and large language models (LLMs).

These tools significantly lower the entry threshold for less experienced criminals, allowing them to create advanced ransomware code and refine their social engineering techniques, resulting in more effective campaigns.

The report also highlights the growing activity of hybrid groups that combine financial motivations with hacktivism. They use ransomware-as-a-service (RaaS) platforms to amplify their influence. Similar strategies, albeit with different objectives, guide cryptomining groups.

Akamai’s analysis found that almost half of such attacks targeted the education sector and NGOs, likely due to their limited resources for cyber security. The changing threat landscape poses new challenges for companies that include not only technology, but also legal and regulatory aspects.