Full Report
Joanna England reports: Akamai Technologies, the cybersecurity and cloud computing company that powers and protects business online, has found that bad actors are using a new quadruple extortion tactic in ransomware campaigns, while double extortion remains the most common approach. With ransomware accounting for more than half of the total data breaches in this region...
Analysis Summary
# Incident Report: Evolving Ransomware Extortion Tactics in APAC
## Executive Summary
Cyber threat actors, particularly in the Asia Pacific (APAC) region, are escalating ransomware tactics beyond traditional double extortion to utilize new quadruple extortion methods. These evolving attacks leverage data encryption combined with threats of public release, DDoS attacks, and pressure applied to an organization's third parties (customers, partners, or media). Ransomware operations accounted for over half of all data breaches in APAC in 2024, necessitating urgent fortification of cyber defenses.
## Incident Details
- Discovery Date: Data referenced covers trends observed through **2024 and early 2025.**
- Incident Date: Trends observed throughout **2024**.
- Affected Organization: Not specified; analysis based on trends across **APAC enterprises**.
- Sector: General **Enterprises/Businesses** (implied by wide scope of Akamai report).
- Geography: **Asia Pacific (APAC)**
## Timeline of Events
### Initial Access
- Date/Time: Not specified (part of ongoing attack campaigns).
- Vector: Not explicitly detailed (assumed vectors leading to initial data access for ransomware).
- Details: N/A
### Lateral Movement
- Not detailed separately; treated as part of the broader ransomware activity surrounding exfiltration and encryption.
- Details: Not specified beyond the successful deployment needed for extortion.
### Data Exfiltration/Impact
- Attackers **encrypt victim data** (standard ransomware impact).
- Attackers **threaten to leak stolen data** (double extortion).
- **Quadruple Extortion** adds:
  1. **DDoS Attacks** against the victim.
  2. **Pressure Campaigns** targeting third parties (customers, partners, media).
### Detection & Response
- Discovery Date: Data presented in the **Akamai SOTI Report** published around September 2025, analyzing 2024 activity.
- Response actions: Enterprises are urged to **scrutinize and strengthen cyber defenses** and ensure **business resilience.**
## Attack Methodology
- Initial Access: Not specified (standard vector for ransomware).
- Persistence: Not specified.
- Privilege Escalation: Not specified.
- Defense Evasion: Not specified.
- Credential Access: Not specified.
- Discovery: Not specified.
- Lateral Movement: Not specified.
- Collection: **Data collection/exfiltration** is a prerequisite for double and quadruple extortion.
- Exfiltration: **Data is stolen** prior to encryption and threatened for public release.
- Impact: **Data Encryption** combined with **extortionary threats** (DDoS, third-party leverage).
## Impact Assessment
- Financial: Not quantified, but implied high due to ransomware prevalence (over half of breaches in APAC in 2024).
- Data Breach: Sensitive data is stolen and threatened for public release.
- Operational: Potential for operational disruption via **DDoS attacks** associated with quadruple extortion.
- Reputational: High risk due to threats of public data leaks and pressure applied to customers/partners.
## Indicators of Compromise
*Note: This report summarizes attack methodology trends, not specific IoCs from a single incident.*
- Network indicators: Potential for high-volume traffic associated with **DDoS attacks**.
- File indicators: Presence of **ransomware encryption files**.
- Behavioral indicators: Evidence of data staging/exfiltration prior to encryption; communications indicating pressure on business partners.
## Response Actions
*Note: Actions listed are general recommendations based on the threat landscape described.*
- Containment measures: Standard incident response protocols for confirmed ransomware infection.
- Eradication steps: Removal of ransomware strain and related persistence mechanisms.
- Recovery actions: Restoration of services and data from secure backups. A specific response to the DDoS and third-party pressure components is also required.
## Lessons Learned
- Double extortion remains the most common ransomware extortion approach.
- The trend is rapidly evolving towards **quadruple extortion**, adding DDoS and third-party leverage as core intimidation tools.
- APAC enterprises faced a significant threat environment in 2024, with ransomware driving the majority of breaches.
## Recommendations
- Implement robust **data backup and disaster recovery plans** to mitigate encryption impact.
- Harden external defenses, particularly perimeter monitoring, to detect and mitigate **Distributed Denial of Service (DDoS)** attacks.
- Develop **third-party risk management and communication plans** to prepare for attacks targeting vendors, customers, or the supply chain.
- Focus on **stopping initial access and preventing data exfiltration** to neutralize extortion leverage.